summaryrefslogtreecommitdiffstats
path: root/Lib/dbm
diff options
context:
space:
mode:
authorSerhiy Storchaka <storchaka@gmail.com>2015-02-15 22:32:41 (GMT)
committerSerhiy Storchaka <storchaka@gmail.com>2015-02-15 22:32:41 (GMT)
commit23edd49e5bb05d8999d5a181d17d3f4226243ac1 (patch)
treead769c84f68261ed5b76fb0bd166d8274b097dde /Lib/dbm
parentc481bfb3f62787e9ef0947785df7383a173a23c3 (diff)
parent74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81 (diff)
downloadcpython-23edd49e5bb05d8999d5a181d17d3f4226243ac1.zip
cpython-23edd49e5bb05d8999d5a181d17d3f4226243ac1.tar.gz
cpython-23edd49e5bb05d8999d5a181d17d3f4226243ac1.tar.bz2
Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb
module. Original patch by Claudiu Popa.
Diffstat (limited to 'Lib/dbm')
-rw-r--r--Lib/dbm/dumb.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/Lib/dbm/dumb.py b/Lib/dbm/dumb.py
index f95ab85..3424096 100644
--- a/Lib/dbm/dumb.py
+++ b/Lib/dbm/dumb.py
@@ -21,6 +21,7 @@ is read when the database is opened, and some updates rewrite the whole index)
"""
+import ast as _ast
import io as _io
import os as _os
import collections
@@ -95,7 +96,7 @@ class _Database(collections.MutableMapping):
with f:
for line in f:
line = line.rstrip()
- key, pos_and_siz_pair = eval(line)
+ key, pos_and_siz_pair = _ast.literal_eval(line)
key = key.encode('Latin-1')
self._index[key] = pos_and_siz_pair