[oe-commits] Maxin B. John : python: Fix CVE-2014-1912

git at git.openembedded.org git at git.openembedded.org
Tue Apr 8 16:49:57 UTC 2014 

Module: openembedded-core.git
Branch: master-next
Commit: 344049ccfa59ae489c35fe0fb7592f7d34720b51
URL:    http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=344049ccfa59ae489c35fe0fb7592f7d34720b51

Author: Maxin B. John <maxin.john at enea.com>
Date:   Mon Apr  7 17:48:11 2014 +0200

python: Fix CVE-2014-1912

A remote user can send specially crafted data to trigger a buffer overflow
in socket.recvfrom_into() and execute arbitrary code on the target system.
The code will run with the privileges of the target service.

This back-ported patch fixes CVE-2014-1912

Signed-off-by: Maxin B. John <maxin.john at enea.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

---

 .../python/python/python-2.7.3-CVE-2014-1912.patch | 26 ++++++++++++++++++++++
 meta/recipes-devtools/python/python_2.7.3.bb       |  1 +
 2 files changed, 27 insertions(+)

diff --git a/meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-1912.patch b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-1912.patch
new file mode 100644
index 0000000..02cc83d
--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-1912.patch
@@ -0,0 +1,26 @@
+Upstream-Status: Backport
+
+Reference: http://bugs.python.org/issue20246
+
+CVE-2014-1912: Python buffer overflow in socket.recvfrom_into()
+lets remote users execute arbitrary code.Original patch by Benjamin Peterson
+
+Signed-off-by: Maxin B. John <maxin.john at enea.com>
+---
+diff -r 40fb60df4755 Modules/socketmodule.c
+--- a/Modules/socketmodule.c	Sun Jan 12 12:11:47 2014 +0200
++++ b/Modules/socketmodule.c	Mon Jan 13 16:36:35 2014 -0800
+@@ -2744,6 +2744,13 @@
+         recvlen = buflen;
+     }
+ 
++    /* Check if the buffer is large enough */
++    if (buflen < recvlen) {
++        PyErr_SetString(PyExc_ValueError,
++                        "buffer too small for requested bytes");
++        goto error;
++    }
++
+     readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
+     if (readlen < 0) {
+         /* Return an error */
diff --git a/meta/recipes-devtools/python/python_2.7.3.bb b/meta/recipes-devtools/python/python_2.7.3.bb
index c7bb9b4..0d64172 100644
--- a/meta/recipes-devtools/python/python_2.7.3.bb
+++ b/meta/recipes-devtools/python/python_2.7.3.bb
@@ -35,6 +35,7 @@ SRC_URI += "\
   file://parallel-makeinst-create-bindir.patch \
   file://python-2.7.3-CVE-2013-1752-smtplib-fix.patch \
   file://python-fix-build-error-with-Readline-6.3.patch \
+  file://python-2.7.3-CVE-2014-1912.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"

More information about the Openembedded-commits mailing list