pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang/python24 Add a patch from the upstream 2.5 branch...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/cb6ef8aa58d7
branches:  trunk
changeset: 545547:cb6ef8aa58d7
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Thu Aug 07 11:20:18 2008 +0000

description:
Add a patch from the upstream 2.5 branch (svn rev.63883) to fix an
integer overflow in the vsnprintf replacement function.
This is likely not a real problem, and the patch wasn't pulled to
the upstream 2.4 branch, but with it applied we can formally declare
our 2.4 as not vulnerable now.

diffstat:

 lang/python24/distinfo         |   3 +-
 lang/python24/patches/patch-bm |  57 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 1 deletions(-)

diffs (75 lines):

diff -r c21e097b3f91 -r cb6ef8aa58d7 lang/python24/distinfo
--- a/lang/python24/distinfo    Thu Aug 07 10:47:43 2008 +0000
+++ b/lang/python24/distinfo    Thu Aug 07 11:20:18 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.30 2008/08/05 10:45:45 drochner Exp $
+$NetBSD: distinfo,v 1.31 2008/08/07 11:20:18 drochner Exp $
 
 SHA1 (Python-2.4.5.tar.bz2) = 6e9e1ac2b70cc10c36063a25ab5a5ddb53177107
 RMD160 (Python-2.4.5.tar.bz2) = b43f2114697be751f03ec7cfb46f8c4946a73097
@@ -35,3 +35,4 @@
 SHA1 (patch-bj) = ee23fac376746e48ee00e73b9ecc688086b7bc98
 SHA1 (patch-bk) = 4af3c66a3f6b773dc5fc14943a36b0906024e885
 SHA1 (patch-bl) = 9a192f5f4afd4296493599414a714bba6085d897
+SHA1 (patch-bm) = bd8a9f5b2cc3909bc69d9b585b42643057dae646
diff -r c21e097b3f91 -r cb6ef8aa58d7 lang/python24/patches/patch-bm
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python24/patches/patch-bm    Thu Aug 07 11:20:18 2008 +0000
@@ -0,0 +1,57 @@
+$NetBSD: patch-bm,v 1.1 2008/08/07 11:20:18 drochner Exp $
+
+--- Python/mysnprintf.c.orig   2001-12-21 17:32:15.000000000 +0100
++++ Python/mysnprintf.c
+@@ -54,18 +54,28 @@ int
+ PyOS_vsnprintf(char *str, size_t size, const char  *format, va_list va)
+ {
+       int len;  /* # bytes written, excluding \0 */
+-#ifndef HAVE_SNPRINTF
++#ifdef HAVE_SNPRINTF
++#define _PyOS_vsnprintf_EXTRA_SPACE 1
++#else
++#define _PyOS_vsnprintf_EXTRA_SPACE 512
+       char *buffer;
+ #endif
+       assert(str != NULL);
+       assert(size > 0);
+       assert(format != NULL);
++      /* We take a size_t as input but return an int.  Sanity check
++       * our input so that it won't cause an overflow in the
++         * vsnprintf return value or the buffer malloc size.  */
++      if (size > INT_MAX - _PyOS_vsnprintf_EXTRA_SPACE) {
++              len = -666;
++              goto Done;
++      }
+ 
+ #ifdef HAVE_SNPRINTF
+       len = vsnprintf(str, size, format, va);
+ #else
+       /* Emulate it. */
+-      buffer = PyMem_MALLOC(size + 512);
++      buffer = PyMem_MALLOC(size + _PyOS_vsnprintf_EXTRA_SPACE);
+       if (buffer == NULL) {
+               len = -666;
+               goto Done;
+@@ -75,7 +85,7 @@ PyOS_vsnprintf(char *str, size_t size, c
+       if (len < 0)
+               /* ignore the error */;
+ 
+-      else if ((size_t)len >= size + 512)
++      else if ((size_t)len >= size + _PyOS_vsnprintf_EXTRA_SPACE)
+               Py_FatalError("Buffer overflow in PyOS_snprintf/PyOS_vsnprintf");
+ 
+       else {
+@@ -86,8 +96,10 @@ PyOS_vsnprintf(char *str, size_t size, c
+               str[to_copy] = '\0';
+       }
+       PyMem_FREE(buffer);
+-Done:
+ #endif
+-      str[size-1] = '\0';
++Done:
++      if (size > 0)
++              str[size-1] = '\0';
+       return len;
++#undef _PyOS_vsnprintf_EXTRA_SPACE
+ }
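Review bot: The new size check at `if (size > INT_MAX - _PyOS_vsnprintf_EXTRA_SPACE)` jumps to `Done:`, which then stores to `str[size-1]` using the very size that was just rejected as implausible; if that value came from a miscomputed length rather than a real buffer, the store lands far outside `str`. Nothing else is written to `str` on that path, so a caller that ignores the negative return also reads whatever the buffer held before the call. Terminating at the start and returning from inside the check would avoid both, e.g. `str[0] = '\0'; return -666;` (size is necessarily non-zero there, so index 0 is in bounds for any real buffer). The added comment could also say that `-666` is returned for both the rejected size and the malloc failure, so callers cannot tell the two apart. The nested hunks show only parts of PyOS_vsnprintf; the vsprintf call and the copy into `str` lie outside them.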


