[Python-checkins] cpython (merge 2.7 -> 3.1): complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
benjamin.peterson
python-checkins at python.org
Tue Jan 14 05:15:09 CET 2014
http://hg.python.org/cpython/rev/715fd3d8ac93
changeset: 88454:715fd3d8ac93
branch: 3.1
parent: 86777:b1ddcb220a7f
parent: 88453:87673659d8f7
user: Benjamin Peterson <benjamin at python.org>
date: Mon Jan 13 23:06:14 2014 -0500
summary:
complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
files:
Lib/test/test_socket.py | 8 ++++++++
Misc/ACKS | 1 +
Misc/NEWS | 2 ++
Modules/socketmodule.c | 6 ++++++
4 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
--- a/Lib/test/test_socket.py
+++ b/Lib/test/test_socket.py
@@ -1424,6 +1424,14 @@
buf = bytes(MSG)
self.serv_conn.send(buf)
+ def testRecvFromIntoSmallBuffer(self):
+ # See issue #20246.
+ buf = bytearray(8)
+ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
+
+ def _testRecvFromIntoSmallBuffer(self):
+ self.serv_conn.send(MSG*2048)
+
TIPC_STYPE = 2000
TIPC_LOWER = 200
diff --git a/Misc/ACKS b/Misc/ACKS
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -757,6 +757,7 @@
Eric V. Smith
Christopher Smith
Gregory P. Smith
+Ryan Smith-Roberts
Rafal Smotrzyk
Dirk Soede
Paul Sokolovsky
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,8 @@
Library
-------
+- Issue #20246: Fix buffer overflow in socket.recvfrom_into.
+
- Issue #19435: Fix directory traversal attack on CGIHttpRequestHandler.
- Issue #14984: On POSIX systems, when netrc is called without a filename
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
@@ -2494,6 +2494,12 @@
if (recvlen == 0) {
/* If nbytes was not specified, use the buffer's length */
recvlen = buflen;
+ } else if (recvlen > buflen) {
+ PyBuffer_Release(&pbuf);
+ Py_XDECREF(addr);
+ PyErr_SetString(PyExc_ValueError,
+ "nbytes is greater than the length of the buffer");
+ return NULL;
}
readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list