From a90aa21ef527ad71927e81c1021a17312215f08c Mon Sep 17 00:00:00 2001 From: Martin Wilke Date: Mon, 28 Apr 2008 07:39:59 +0000 Subject: - Fix zlib crash from zlib.decompressobj().flush(val) when val was not positive. It tried to allocate negative or zero memory. That fails. - Bump PORTREVISION PR: 123153 Submitted by: Nick Barkas Security: http://www.vuxml.org/freebsd/ec41c3e2-129c-11dd-bab7-0016179b2dd5.html --- lang/python23/Makefile | 1 + lang/python23/files/patch-Lib-test-test_zlib.py | 14 ++++++++++++++ lang/python23/files/patch-Modules-zlibmodule.c | 13 +++++++++++++ lang/python24/Makefile | 1 + lang/python24/files/patch-Lib-test-test_zlib.py | 14 ++++++++++++++ lang/python24/files/patch-Modules-zlibmodule.c | 13 +++++++++++++ 6 files changed, 56 insertions(+) create mode 100644 lang/python23/files/patch-Lib-test-test_zlib.py create mode 100644 lang/python23/files/patch-Modules-zlibmodule.c create mode 100644 lang/python24/files/patch-Lib-test-test_zlib.py create mode 100644 lang/python24/files/patch-Modules-zlibmodule.c diff --git a/lang/python23/Makefile b/lang/python23/Makefile index 5dfd1913ecd1..8a250902289c 100644 --- a/lang/python23/Makefile +++ b/lang/python23/Makefile @@ -7,6 +7,7 @@ PORTNAME= python23 PORTVERSION= 2.3.6 +PORTREVISION= 1 CATEGORIES= lang python ipv6 MASTER_SITES= ${PYTHON_MASTER_SITES} MASTER_SITE_SUBDIR= ${PYTHON_MASTER_SITE_SUBDIR} diff --git a/lang/python23/files/patch-Lib-test-test_zlib.py b/lang/python23/files/patch-Lib-test-test_zlib.py new file mode 100644 index 000000000000..425572d2574d --- /dev/null +++ b/lang/python23/files/patch-Lib-test-test_zlib.py @@ -0,0 +1,14 @@ +--- Lib/test/test_zlib.py 2008/04/08 23:47:30 62234 ++++ Lib/test/test_zlib.py 2008/04/09 00:25:17 62235 +@@ -83,6 +83,11 @@ + # verify failure on building decompress object with bad params + self.assertRaises(ValueError, zlib.decompressobj, 0) + ++ def test_decompressobj_badflush(self): ++ # verify failure on calling decompressobj.flush with bad params ++ self.assertRaises(ValueError, zlib.decompressobj().flush, 0) ++ self.assertRaises(ValueError, zlib.decompressobj().flush, -1) ++ + + + class CompressTestCase(unittest.TestCase): diff --git a/lang/python23/files/patch-Modules-zlibmodule.c b/lang/python23/files/patch-Modules-zlibmodule.c new file mode 100644 index 000000000000..7875a40ada7c --- /dev/null +++ b/lang/python23/files/patch-Modules-zlibmodule.c @@ -0,0 +1,13 @@ +--- Modules/zlibmodule.c.orig 2008-04-25 01:47:26.000000000 +0200 ++++ Modules/zlibmodule.c 2008-04-25 01:48:17.000000000 +0200 +@@ -774,6 +774,10 @@ + + if (!PyArg_ParseTuple(args, "|i:flush", &length)) + return NULL; ++ if (length <= 0) { ++ PyErr_SetString(PyExc_ValueError, "length must be greater than zero"); ++ return NULL; ++ } + if (!(retval = PyString_FromStringAndSize(NULL, length))) + return NULL; + diff --git a/lang/python24/Makefile b/lang/python24/Makefile index a659af4cf734..efd6994a7d08 100644 --- a/lang/python24/Makefile +++ b/lang/python24/Makefile @@ -7,6 +7,7 @@ PORTNAME= python24 PORTVERSION= 2.4.5 +PORTREVSION= 1 CATEGORIES= lang python ipv6 MASTER_SITES= ${PYTHON_MASTER_SITES} MASTER_SITE_SUBDIR= ${PYTHON_MASTER_SITE_SUBDIR} diff --git a/lang/python24/files/patch-Lib-test-test_zlib.py b/lang/python24/files/patch-Lib-test-test_zlib.py new file mode 100644 index 000000000000..425572d2574d --- /dev/null +++ b/lang/python24/files/patch-Lib-test-test_zlib.py @@ -0,0 +1,14 @@ +--- Lib/test/test_zlib.py 2008/04/08 23:47:30 62234 ++++ Lib/test/test_zlib.py 2008/04/09 00:25:17 62235 +@@ -83,6 +83,11 @@ + # verify failure on building decompress object with bad params + self.assertRaises(ValueError, zlib.decompressobj, 0) + ++ def test_decompressobj_badflush(self): ++ # verify failure on calling decompressobj.flush with bad params ++ self.assertRaises(ValueError, zlib.decompressobj().flush, 0) ++ self.assertRaises(ValueError, zlib.decompressobj().flush, -1) ++ + + + class CompressTestCase(unittest.TestCase): diff --git a/lang/python24/files/patch-Modules-zlibmodule.c b/lang/python24/files/patch-Modules-zlibmodule.c new file mode 100644 index 000000000000..7875a40ada7c --- /dev/null +++ b/lang/python24/files/patch-Modules-zlibmodule.c @@ -0,0 +1,13 @@ +--- Modules/zlibmodule.c.orig 2008-04-25 01:47:26.000000000 +0200 ++++ Modules/zlibmodule.c 2008-04-25 01:48:17.000000000 +0200 +@@ -774,6 +774,10 @@ + + if (!PyArg_ParseTuple(args, "|i:flush", &length)) + return NULL; ++ if (length <= 0) { ++ PyErr_SetString(PyExc_ValueError, "length must be greater than zero"); ++ return NULL; ++ } + if (!(retval = PyString_FromStringAndSize(NULL, length))) + return NULL; + -- cgit v1.2.3