diff options
| -rw-r--r-- | Lib/dbm/dumb.py | 3 | ||||
| -rw-r--r-- | Lib/test/test_dbm_dumb.py | 9 | ||||
| -rw-r--r-- | Misc/NEWS | 3 |
3 files changed, 14 insertions, 1 deletions
diff --git a/Lib/dbm/dumb.py b/Lib/dbm/dumb.py index 8f48aad..a9ead68 100644 --- a/Lib/dbm/dumb.py +++ b/Lib/dbm/dumb.py @@ -21,6 +21,7 @@ is read when the database is opened, and some updates rewrite the whole index) """ +import ast as _ast import io as _io import os as _os import collections @@ -85,7 +86,7 @@ class _Database(collections.MutableMapping): with f: for line in f: line = line.rstrip() - key, pos_and_siz_pair = eval(line) + key, pos_and_siz_pair = _ast.literal_eval(line) key = key.encode('Latin-1') self._index[key] = pos_and_siz_pair diff --git a/Lib/test/test_dbm_dumb.py b/Lib/test/test_dbm_dumb.py index 29f48a3..dc88ca6 100644 --- a/Lib/test/test_dbm_dumb.py +++ b/Lib/test/test_dbm_dumb.py @@ -217,6 +217,15 @@ class DumbDBMTestCase(unittest.TestCase): self.assertEqual(str(cm.exception), "DBM object has already been closed") + def test_eval(self): + with open(_fname + '.dir', 'w') as stream: + stream.write("str(print('Hacked!')), 0\n") + with support.captured_stdout() as stdout: + with self.assertRaises(ValueError): + with dumbdbm.open(_fname) as f: + pass + self.assertEqual(stdout.getvalue(), '') + def tearDown(self): _delete_files() @@ -13,6 +13,9 @@ Core and Builtins Library ------- +- Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb + module. Original patch by Claudiu Popa. + - Issue #23146: Fix mishandling of absolute Windows paths with forward slashes in pathlib. |