author | Serhiy Storchaka <storchaka@gmail.com> | 2015-02-15 22:32:41 (GMT) |
---|---|---|
committer | Serhiy Storchaka <storchaka@gmail.com> | 2015-02-15 22:32:41 (GMT) |
commit | 23edd49e5bb05d8999d5a181d17d3f4226243ac1 (patch) | |
tree | ad769c84f68261ed5b76fb0bd166d8274b097dde /Lib | |
parent | c481bfb3f62787e9ef0947785df7383a173a23c3 (diff) | |
parent | 74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81 (diff) | |
Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb
module. Original patch by Claudiu Popa.
Diffstat (limited to 'Lib')
-rw-r--r-- | Lib/dbm/dumb.py | 3 | ||||
-rw-r--r-- | Lib/test/test_dbm_dumb.py | 9 |
2 files changed, 11 insertions, 1 deletions
diff --git a/Lib/dbm/dumb.py b/Lib/dbm/dumb.py
index f95ab85..3424096 100644
--- a/Lib/dbm/dumb.py
+++ b/Lib/dbm/dumb.py
@@ -21,6 +21,7 @@ is read when the database is opened, and some updates rewrite the whole index)
 """
+import ast as _ast
 import io as _io
 import os as _os
 import collections
@@ -95,7 +96,7 @@ class _Database(collections.MutableMapping):
 with f:
 for line in f:
 line = line.rstrip()
- key, pos_and_siz_pair = eval(line)
+ key, pos_and_siz_pair = _ast.literal_eval(line)
 key = key.encode('Latin-1')
 self._index[key] = pos_and_siz_pair
diff --git a/Lib/test/test_dbm_dumb.py b/Lib/test/test_dbm_dumb.py
index ee5a32f..ff63c88 100644
--- a/Lib/test/test_dbm_dumb.py
+++ b/Lib/test/test_dbm_dumb.py
@@ -225,6 +225,15 @@ class DumbDBMTestCase(unittest.TestCase):
 with dumbdbm.open(_fname, 'n') as f:
 self.assertEqual(f.keys(), [])
+ def test_eval(self):
+ with open(_fname + '.dir', 'w') as stream:
+ stream.write("str(print('Hacked!')), 0\n")
+ with support.captured_stdout() as stdout:
+ with self.assertRaises(ValueError):
+ with dumbdbm.open(_fname) as f:
+ pass
+ self.assertEqual(stdout.getvalue(), '')
+
 def tearDown(self):
 _delete_files() |
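Review bot: Swapping `eval(line)` for `_ast.literal_eval(line)` in the index-reading loop removes code execution, but the `.dir` file is still untrusted data and a tampered or corrupted line now escapes as whichever exception happens to fire first — `ValueError` for a non-literal (the only case the new test pins), `SyntaxError` for malformed text, `TypeError` when the literal is not a two-item sequence, and `AttributeError` from the following `key.encode('Latin-1')` when the key is not a `str` — so a caller has no single error type to catch for "index file is bad". I would wrap the parse and the encode together and re-raise one type; using `ValueError` keeps the new `assertRaises(ValueError)` test valid without relying on names outside this hunk. It is also worth a comment that `literal_eval` still runs the parser, and the `ast` documentation warns that a sufficiently large or deeply nested string can exhaust the compiler's stack, so a hostile index file can at best still crash the process rather than hijack it. The enclosing method starts before this hunk, so the `with f:` / `for line in f:` context shown here is assumed to be its body.
```python
line = line.rstrip()
try:
    # literal_eval accepts only Python literals (no names or calls), which is
    # the fix; it can still raise SyntaxError/ValueError on garbage, and a
    # pathologically nested line may hit parser recursion limits (see ast docs).
    key, pos_and_siz_pair = _ast.literal_eval(line)
    key = key.encode('Latin-1')
except (ValueError, SyntaxError, TypeError, AttributeError) as exc:
    raise ValueError('malformed dbm.dumb index line: %r' % line) from exc
# ... unchanged: self._index[key] = pos_and_siz_pair
```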
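Review bot: `test_eval` exercises only one malicious payload, a call expression, and asserts `ValueError`; it does not cover a syntactically invalid `.dir` line (which `ast.literal_eval` rejects with `SyntaxError`, not `ValueError`) or a well-formed literal of the wrong shape such as `1`, which fails at the tuple unpacking with `TypeError`, so those paths of the same fix stay unverified. I would loop the fixture over a few malformed entries, e.g. `for bad in ("str(print('Hacked!')), 0\n", "(\n", "1\n"):` with the existing write/open/assert body beneath it, and pin one exception class for all of them once the reader is made to raise consistently. The captured-stdout assertion is the right check for the original exploit and should stay inside that loop. `DumbDBMTestCase` continues outside this hunk, so I am assuming `_fname` and `support` are the module-level fixtures the other tests use.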