From 72146124432fd9372032de1a3a508236ea4ab0d4 Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Wed, 22 Feb 2012 18:03:04 +0100 Subject: In find_module(), do not silence fileno() and dup() errors. --- Python/import.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Python/import.c b/Python/import.c index beda7f97..e5581c5 100644 --- a/Python/import.c +++ b/Python/import.c @@ -3186,6 +3186,8 @@ call_find_module(char *name, PyObject *path) fd = dup(fd); fclose(fp); fp = NULL; + if (fd == -1) + return PyErr_SetFromErrno(PyExc_OSError); } if (fd != -1) { if (strchr(fdp->mode, 'b') == NULL) { -- cgit v0.12 From 4f22a8d739494d188ba0b4430ca86d93e1ed30d2 Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Wed, 22 Feb 2012 18:05:43 +0100 Subject: Issue #14084: Fix a file descriptor leak when importing a module with a bad encoding. --- Misc/NEWS | 3 +++ Python/import.c | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/Misc/NEWS b/Misc/NEWS index ee4287b..eeab400 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -10,6 +10,9 @@ What's New in Python 3.2.3? Core and Builtins ----------------- +- Issue #14084: Fix a file descriptor leak when importing a module with a + bad encoding. + - Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types. Patch diff --git a/Python/import.c b/Python/import.c index e5581c5..f443ab8 100644 --- a/Python/import.c +++ b/Python/import.c @@ -3195,8 +3195,10 @@ call_find_module(char *name, PyObject *path) memory. */ found_encoding = PyTokenizer_FindEncoding(fd); lseek(fd, 0, 0); /* Reset position */ - if (found_encoding == NULL && PyErr_Occurred()) + if (found_encoding == NULL && PyErr_Occurred()) { + close(fd); return NULL; + } encoding = (found_encoding != NULL) ? found_encoding : (char*)PyUnicode_GetDefaultEncoding(); } -- cgit v0.12