From 0f12cb75c708978f9201c1dd3464d2a8572b4544 Mon Sep 17 00:00:00 2001 |
|
From: Charalampos Stratakis <cstratak@redhat.com> |
|
Date: Fri, 8 Jul 2016 20:24:10 +0200 |
|
Subject: [PATCH] CVE-2016-5636 fix |
|
|
|
--- |
|
Modules/zipimport.c | 9 +++++++++ |
|
1 file changed, 9 insertions(+) |
|
|
|
diff --git a/Modules/zipimport.c b/Modules/zipimport.c |
|
index 7240cb4..2e6a61f 100644 |
|
--- a/Modules/zipimport.c |
|
+++ b/Modules/zipimport.c |
|
@@ -861,6 +861,10 @@ get_data(char *archive, PyObject *toc_entry) |
|
&date, &crc)) { |
|
return NULL; |
|
} |
|
+ if (data_size < 0) { |
|
+ PyErr_Format(ZipImportError, "negative data size"); |
|
+ return NULL; |
|
+ } |
|
|
|
fp = fopen(archive, "rb"); |
|
if (!fp) { |
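Review bot: Only `data_size` is range-checked after the tuple is unpacked, while `file_offset` (presumably parsed from the same `toc_entry`) is later advanced with `file_offset += l` in the second hunk without any visible sign or range check. If it can arrive negative or close to `LONG_MAX`, the same class of malformed-archive value still reaches the seek and read path, so this is worth confirming against the parts of get_data outside the hunk. Separately, `PyErr_Format` with a constant message and no arguments is better written as `PyErr_SetString(ZipImportError, "negative data size");`. A one-line comment above the check, such as `/* sizes in the TOC come from the archive and are untrusted */`, would record why it is there.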
|
@@ -895,6 +899,11 @@ get_data(char *archive, PyObject *toc_entry) |
|
PyMarshal_ReadShortFromFile(fp); /* local header size */ |
|
file_offset += l; /* Start of file data */ |
|
|
|
+ if (data_size > LONG_MAX - 1) { |
|
+ fclose(fp); |
|
+ PyErr_NoMemory(); |
|
+ return NULL; |
|
+ } |
|
raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ? |
|
data_size : data_size + 1); |
|
if (raw_data == NULL) { |
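Review bot: The `LONG_MAX - 1` bound exists only to keep `data_size + 1` in the following `PyString_FromStringAndSize` call from overflowing, and nothing in the hunk says so; add a comment such as `/* data_size + 1 below must not overflow */`. The check sits after `fopen`, which is why it needs its own `fclose(fp)`. As far as the visible lines show, `data_size` is not modified between the two hunks, so the test could sit next to the `data_size < 0` check and drop the cleanup path. It also reports a malformed size through `PyErr_NoMemory()` while the negative case raises `ZipImportError`; consider one exception type for both so callers see a single error for a bad archive. The bound prevents the arithmetic overflow but does not compare the size with the archive's actual length, so a very large claimed size still reaches the allocator and is caught only by the `raw_data == NULL` test; the rest of get_data is outside the hunk.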
|
-- |
|
2.7.4 |
|
|
|
|