58 lines
1.8 KiB
Diff
58 lines
1.8 KiB
Diff
# Edited from Mercurial patch: deleted the NEWS hunk, since it didn't apply cleanly.
|
|
# It added the following line to NEWS:
|
|
# - Issue #20246: Fix buffer overflow in socket.recvfrom_into.
|
|
|
|
|
|
# HG changeset patch
|
|
# User Benjamin Peterson <benjamin@python.org>
|
|
# Date 1389671978 18000
|
|
# Node ID 9c56217e5c793685eeaf0ee224848c402bdf1e4c
|
|
# Parent 2b5cd6d4d149dea6c6941b7e07ada248b29fc9f6
|
|
complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
|
|
|
|
diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
|
|
--- a/Lib/test/test_socket.py
|
|
+++ b/Lib/test/test_socket.py
|
|
@@ -1968,6 +1968,14 @@ class BufferIOTest(SocketConnectedTest):
|
|
|
|
_testRecvFromIntoMemoryview = _testRecvFromIntoArray
|
|
|
|
+ def testRecvFromIntoSmallBuffer(self):
|
|
+ # See issue #20246.
|
|
+ buf = bytearray(8)
|
|
+ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
|
|
+
|
|
+ def _testRecvFromIntoSmallBuffer(self):
|
|
+ self.serv_conn.send(MSG*2048)
|
|
+
|
|
|
|
TIPC_STYPE = 2000
|
|
TIPC_LOWER = 200
|
|
diff --git a/Misc/ACKS b/Misc/ACKS
|
|
--- a/Misc/ACKS
|
|
+++ b/Misc/ACKS
|
|
@@ -1020,6 +1020,7 @@ Eric V. Smith
|
|
Christopher Smith
|
|
Gregory P. Smith
|
|
Roy Smith
|
|
+Ryan Smith-Roberts
|
|
Rafal Smotrzyk
|
|
Dirk Soede
|
|
Paul Sokolovsky
|
|
diff --git a/Misc/NEWS b/Misc/NEWS
|
|
--- a/Modules/socketmodule.c
|
|
+++ b/Modules/socketmodule.c
|
|
@@ -2598,6 +2598,11 @@ sock_recvfrom_into(PySocketSockObject *s
|
|
if (recvlen == 0) {
|
|
/* If nbytes was not specified, use the buffer's length */
|
|
recvlen = buflen;
|
|
+ } else if (recvlen > buflen) {
|
|
+ PyBuffer_Release(&pbuf);
|
|
+ PyErr_SetString(PyExc_ValueError,
|
|
+ "nbytes is greater than the length of the buffer");
|
|
+ return NULL;
|
|
}
|
|
|
|
readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);
|
|
|