Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb

module. Original patch by Claudiu Popa.
author: Serhiy Storchaka <storchaka@gmail.com> 2015-02-15 22:30:43 (GMT)
committer: Serhiy Storchaka <storchaka@gmail.com> 2015-02-15 22:30:43 (GMT)
commit: 74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81 (patch)
tree: 55874458c25a5c5cf90ce30a120ce50f9cc43f62 /Lib/test/test_dbm_dumb.py
parent: 57fffd6f99d55ccd623b381622b989410a695b99 (diff)
download: cpython-74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81.zip
cpython-74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81.tar.gz
cpython-74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81.tar.bz2
1 files changed, 9 insertions, 0 deletions
diff --git a/Lib/test/test_dbm_dumb.py b/Lib/test/test_dbm_dumb.py
index 29f48a3..dc88ca6 100644
--- a/Lib/test/test_dbm_dumb.py
+++ b/Lib/test/test_dbm_dumb.py
@@ -217,6 +217,15 @@ class DumbDBMTestCase(unittest.TestCase):
             self.assertEqual(str(cm.exception),
                              "DBM object has already been closed")
 
+    def test_eval(self):
+        with open(_fname + '.dir', 'w') as stream:
+            stream.write("str(print('Hacked!')), 0\n")
+        with support.captured_stdout() as stdout:
+            with self.assertRaises(ValueError):
+                with dumbdbm.open(_fname) as f:
+                    pass
+            self.assertEqual(stdout.getvalue(), '')
+
     def tearDown(self):
         _delete_files()
author	Serhiy Storchaka <storchaka@gmail.com>	2015-02-15 22:30:43 (GMT)
committer	Serhiy Storchaka <storchaka@gmail.com>	2015-02-15 22:30:43 (GMT)
commit	74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81 (patch)
tree	55874458c25a5c5cf90ce30a120ce50f9cc43f62 /Lib/test/test_dbm_dumb.py
parent	57fffd6f99d55ccd623b381622b989410a695b99 (diff)
download	cpython-74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81.zip cpython-74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81.tar.gz cpython-74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81.tar.bz2