diff options
| -rw-r--r-- | Lib/test/test_socket.py | 8 | ||||
| -rw-r--r-- | Misc/ACKS | 1 | ||||
| -rw-r--r-- | Misc/NEWS | 2 | ||||
| -rw-r--r-- | Modules/socketmodule.c | 5 |
4 files changed, 16 insertions, 0 deletions
diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py index 4ecab95..290c4dd 100644 --- a/Lib/test/test_socket.py +++ b/Lib/test/test_socket.py @@ -1968,6 +1968,14 @@ class BufferIOTest(SocketConnectedTest): _testRecvFromIntoMemoryview = _testRecvFromIntoArray + def testRecvFromIntoSmallBuffer(self): + # See issue #20246. + buf = bytearray(8) + self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024) + + def _testRecvFromIntoSmallBuffer(self): + self.serv_conn.send(MSG*2048) + TIPC_STYPE = 2000 TIPC_LOWER = 200 @@ -1020,6 +1020,7 @@ Eric V. Smith Christopher Smith Gregory P. Smith Roy Smith +Ryan Smith-Roberts Rafal Smotrzyk Dirk Soede Paul Sokolovsky @@ -10,6 +10,8 @@ What's New in Python 3.2.6? Library ------- +- Issue #20246: Fix buffer overflow in socket.recvfrom_into. + - Issue #12226: HTTPS is now used by default when connecting to PyPI. - Issue #19435: Fix directory traversal attack on CGIHttpRequestHandler. diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c index e027625..903e10c 100644 --- a/Modules/socketmodule.c +++ b/Modules/socketmodule.c @@ -2598,6 +2598,11 @@ sock_recvfrom_into(PySocketSockObject *s, PyObject *args, PyObject* kwds) if (recvlen == 0) { /* If nbytes was not specified, use the buffer's length */ recvlen = buflen; + } else if (recvlen > buflen) { + PyBuffer_Release(&pbuf); + PyErr_SetString(PyExc_ValueError, + "nbytes is greater than the length of the buffer"); + return NULL; } readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr); |