authorHye-Shik Chang <perky@FreeBSD.org>2005-02-04 04:13:41 +0000
committerHye-Shik Chang <perky@FreeBSD.org>2005-02-04 04:13:41 +0000
commitd19bc113cfd16071370c9f044233b211190d5924 (patch)
treeae0d7b174f39c039e4f5a40cef6a61e524ca04d4 /lang/python24/files
parentfd1e0e8128354df5e58b9c8bb4e48009d5b2b5ea (diff)
Add a patch from PSF-2005-001 which fixes SimpleXMLRPCServer
vulnerability. PR: 77078 Submitted by: Marcus Grando <marcus@corp.grupos.com.br> Security: CAN-2005-0089 Security: http://www.vuxml.org/freebsd/6afa87d3-764b-11d9-b0e7-0000e249a0a2.html Security: SimpleXMLRPCServer.py allows unrestricted traversal
Notes
Notes: svn path=/head/; revision=128014
Diffstat (limited to 'lang/python24/files')
-rw-r--r--lang/python24/files/patch-Lib::SimpleXMLRPCServer.py125
1 files changed, 125 insertions, 0 deletions
diff --git a/lang/python24/files/patch-Lib::SimpleXMLRPCServer.py b/lang/python24/files/patch-Lib::SimpleXMLRPCServer.py
new file mode 100644
index 000000000000..54b8b4523f4e
--- /dev/null
+++ b/lang/python24/files/patch-Lib::SimpleXMLRPCServer.py
@@ -0,0 +1,125 @@
+Index: Lib/SimpleXMLRPCServer.py
+===================================================================
+RCS file: /cvsroot/python/python/dist/src/Lib/SimpleXMLRPCServer.py,v
+retrieving revision 1.7.8.1
+diff -c -r1.7.8.1 SimpleXMLRPCServer.py
+*** Lib/SimpleXMLRPCServer.py 3 Oct 2004 23:23:00 -0000 1.7.8.1
+--- Lib/SimpleXMLRPCServer.py 3 Feb 2005 05:33:55 -0000
+***************
+*** 107,120 ****
+ import types
+ import os
+
+! def resolve_dotted_attribute(obj, attr):
+ """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d
+
+ Resolves a dotted attribute name to an object. Raises
+ an AttributeError if any attribute in the chain starts with a '_'.
+ """
+
+! for i in attr.split('.'):
+ if i.startswith('_'):
+ raise AttributeError(
+ 'attempt to access private attribute "%s"' % i
+--- 107,128 ----
+ import types
+ import os
+
+! def resolve_dotted_attribute(obj, attr, allow_dotted_names=True):
+ """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d
+
+ Resolves a dotted attribute name to an object. Raises
+ an AttributeError if any attribute in the chain starts with a '_'.
++
++ If the optional allow_dotted_names argument is false, dots are not
++ supported and this function operates similar to getattr(obj, attr).
+ """
+
+! if allow_dotted_names:
+! attrs = attr.split('.')
+! else:
+! attrs = [attr]
+!
+! for i in attrs:
+ if i.startswith('_'):
+ raise AttributeError(
+ 'attempt to access private attribute "%s"' % i
+***************
+*** 156,162 ****
+ self.funcs = {}
+ self.instance = None
+
+! def register_instance(self, instance):
+ """Registers an instance to respond to XML-RPC requests.
+
+ Only one instance can be installed at a time.
+--- 164,170 ----
+ self.funcs = {}
+ self.instance = None
+
+! def register_instance(self, instance, allow_dotted_names=False):
+ """Registers an instance to respond to XML-RPC requests.
+
+ Only one instance can be installed at a time.
+***************
+*** 174,182 ****
+--- 182,204 ----
+
+ If a registered function matches a XML-RPC request, then it
+ will be called instead of the registered instance.
++
++ If the optional allow_dotted_names argument is true and the
++ instance does not have a _dispatch method, method names
++ containing dots are supported and resolved, as long as none of
++ the name segments start with an '_'.
++
++ *** SECURITY WARNING: ***
++
++ Enabling the allow_dotted_names options allows intruders
++ to access your module's global variables and may allow
++ intruders to execute arbitrary code on your machine. Only
++ use this option on a secure, closed network.
++
+ """
+
+ self.instance = instance
++ self.allow_dotted_names = allow_dotted_names
+
+ def register_function(self, function, name = None):
+ """Registers a function to respond to XML-RPC requests.
+***************
+*** 295,301 ****
+ try:
+ method = resolve_dotted_attribute(
+ self.instance,
+! method_name
+ )
+ except AttributeError:
+ pass
+--- 317,324 ----
+ try:
+ method = resolve_dotted_attribute(
+ self.instance,
+! method_name,
+! self.allow_dotted_names
+ )
+ except AttributeError:
+ pass
+***************
+*** 374,380 ****
+ try:
+ func = resolve_dotted_attribute(
+ self.instance,
+! method
+ )
+ except AttributeError:
+ pass
+--- 397,404 ----
+ try:
+ func = resolve_dotted_attribute(
+ self.instance,
+! method,
+! self.allow_dotted_names
+ )
+ except AttributeError:
+ pass
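Review bot: `resolve_dotted_attribute` keeps `allow_dotted_names=True` as its own default in the first context chunk, so the restriction only takes effect at the two dispatch call sites this patch changes to pass `self.allow_dotted_names`. Any other caller of the helper that the patch does not touch (a subclass or documentation generator, if one exists) would still resolve dotted names unrestricted; flipping the helper default to `allow_dotted_names=False` or auditing the remaining callers would close that gap. Separately, `self.allow_dotted_names` is assigned only in `register_instance`, not beside `self.instance = None` in the constructor, so code that assigns `instance` directly hits an AttributeError on the new argument that the adjacent `except AttributeError: pass` swallows — fail-closed, but reported as an unknown method rather than a configuration error; adding `self.allow_dotted_names = False` next to `self.instance = None` would make the attribute always defined. The trailing context chunks show only fragments of their enclosing methods, whose bodies lie outside the patch.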