diff options
author | Serhiy Storchaka <storchaka@gmail.com> | 2015-02-15 22:32:41 (GMT) |
---|---|---|
committer | Serhiy Storchaka <storchaka@gmail.com> | 2015-02-15 22:32:41 (GMT) |
commit | 23edd49e5bb05d8999d5a181d17d3f4226243ac1 (patch) | |
tree | ad769c84f68261ed5b76fb0bd166d8274b097dde /Lib/dbm | |
parent | c481bfb3f62787e9ef0947785df7383a173a23c3 (diff) | |
parent | 74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81 (diff) | |
download | cpython-23edd49e5bb05d8999d5a181d17d3f4226243ac1.zip cpython-23edd49e5bb05d8999d5a181d17d3f4226243ac1.tar.gz cpython-23edd49e5bb05d8999d5a181d17d3f4226243ac1.tar.bz2 |
Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb
module. Original patch by Claudiu Popa.
Diffstat (limited to 'Lib/dbm')
-rw-r--r-- | Lib/dbm/dumb.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Lib/dbm/dumb.py b/Lib/dbm/dumb.py index f95ab85..3424096 100644 --- a/Lib/dbm/dumb.py +++ b/Lib/dbm/dumb.py @@ -21,6 +21,7 @@ is read when the database is opened, and some updates rewrite the whole index) """ +import ast as _ast import io as _io import os as _os import collections @@ -95,7 +96,7 @@ class _Database(collections.MutableMapping): with f: for line in f: line = line.rstrip() - key, pos_and_siz_pair = eval(line) + key, pos_and_siz_pair = _ast.literal_eval(line) key = key.encode('Latin-1') self._index[key] = pos_and_siz_pair |