diff options
| author | Serhiy Storchaka <storchaka@gmail.com> | 2015-02-15 22:29:52 (GMT) |
|---|---|---|
| committer | Serhiy Storchaka <storchaka@gmail.com> | 2015-02-15 22:29:52 (GMT) |
| commit | c769040100c3957446acea6efed5c9ad4a552cf2 (patch) | |
| tree | 4bbe3fefba467fdabf148d51a25ae44d1d66c488 /Lib/dumbdbm.py | |
| parent | eab2fd10cf5e3d49efdaa51f251d151674fdf404 (diff) | |
| download | cpython-c769040100c3957446acea6efed5c9ad4a552cf2.zip cpython-c769040100c3957446acea6efed5c9ad4a552cf2.tar.gz cpython-c769040100c3957446acea6efed5c9ad4a552cf2.tar.bz2 | |
Issue #22885: Fixed arbitrary code execution vulnerability in the dumbdbm
module. Original patch by Claudiu Popa.
Diffstat (limited to 'Lib/dumbdbm.py')
| -rw-r--r-- | Lib/dumbdbm.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Lib/dumbdbm.py b/Lib/dumbdbm.py index 4a0c3a7..46d543d 100644 --- a/Lib/dumbdbm.py +++ b/Lib/dumbdbm.py @@ -21,6 +21,7 @@ is read when the database is opened, and some updates rewrite the whole index) """ +import ast as _ast import os as _os import __builtin__ import UserDict @@ -85,7 +86,7 @@ class _Database(UserDict.DictMixin): with f: for line in f: line = line.rstrip() - key, pos_and_siz_pair = eval(line) + key, pos_and_siz_pair = _ast.literal_eval(line) self._index[key] = pos_and_siz_pair # Write the index dict to the directory file. The original directory |