[Python-modules-commits] r13876 - in packages/python-cjson/branches/lenny/debian/patches (1 file)
chrisk-guest at users.alioth.debian.org
chrisk-guest at users.alioth.debian.org
Sat Jul 10 19:54:29 UTC 2010
Date: Saturday, July 10, 2010 @ 19:54:28
Author: chrisk-guest
Revision: 13876
Remove stray duplicate of patch
Deleted:
packages/python-cjson/branches/lenny/debian/patches/0001-fix-for-CVE-2010-1666
Deleted: packages/python-cjson/branches/lenny/debian/patches/0001-fix-for-CVE-2010-1666
===================================================================
--- packages/python-cjson/branches/lenny/debian/patches/0001-fix-for-CVE-2010-1666 2010-07-10 19:48:25 UTC (rev 13875)
+++ packages/python-cjson/branches/lenny/debian/patches/0001-fix-for-CVE-2010-1666 2010-07-10 19:54:28 UTC (rev 13876)
@@ -1,90 +0,0 @@
-Author: Matt Giuca
-Date: Tue, 06 Jul 2010 23:31:15 +0200
-Subject: [PATCH] Fix for CVE-2010-1666
-
-Matt Giuca discovered a potential buffer overflow in python-cjson. It has been
-assigned CVE-2010-1666. This patch is taken from the patch submitted and
-applied to Ubuntu's version of python-cjson.
-
-Origin: other, https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274
-Bug-Debian: http://bugs.debian.org/587700
-Forwarded: yes
-Last-Update: 2010-10-07
-Index: python-cjson-1.0.5-new/cjson.c
-===================================================================
---- python-cjson-1.0.5-new.orig/cjson.c 2010-07-06 23:29:27.898903297 +0200
-+++ python-cjson-1.0.5-new/cjson.c 2010-07-06 23:29:41.901838748 +0200
-@@ -613,6 +613,25 @@
- char *p;
-
- static const char *hexdigit = "0123456789abcdef";
-+#ifdef Py_UNICODE_WIDE
-+ const Py_ssize_t expandsize = 10;
-+#else
-+ const Py_ssize_t expandsize = 6;
-+#endif
-+
-+ /* Initial allocation is based on the longest-possible unichr
-+ escape.
-+
-+ In wide (UTF-32) builds '\U00xxxxxx' is 10 chars per source
-+ unichr, so in this case it's the longest unichr escape. In
-+ narrow (UTF-16) builds this is five chars per source unichr
-+ since there are two unichrs in the surrogate pair, so in narrow
-+ (UTF-16) builds it's not the longest unichr escape.
-+
-+ In wide or narrow builds '\uxxxx' is 6 chars per source unichr,
-+ so in the narrow (UTF-16) build case it's the longest unichr
-+ escape.
-+ */
-
- s = PyUnicode_AS_UNICODE(unicode);
- size = PyUnicode_GET_SIZE(unicode);
-@@ -623,7 +642,7 @@
- return NULL;
- }
-
-- repr = PyString_FromStringAndSize(NULL, 2 + 6*size + 1);
-+ repr = PyString_FromStringAndSize(NULL, 2 + expandsize*size + 1);
- if (repr == NULL)
- return NULL;
-
-@@ -644,15 +663,6 @@
- #ifdef Py_UNICODE_WIDE
- /* Map 21-bit characters to '\U00xxxxxx' */
- else if (ch >= 0x10000) {
-- int offset = p - PyString_AS_STRING(repr);
--
-- /* Resize the string if necessary */
-- if (offset + 12 > PyString_GET_SIZE(repr)) {
-- if (_PyString_Resize(&repr, PyString_GET_SIZE(repr) + 100))
-- return NULL;
-- p = PyString_AS_STRING(repr) + offset;
-- }
--
- *p++ = '\\';
- *p++ = 'U';
- *p++ = hexdigit[(ch >> 28) & 0x0000000F];
-Index: python-cjson-1.0.5-new/jsontest.py
-===================================================================
---- python-cjson-1.0.5-new.orig/jsontest.py 2010-07-06 23:29:27.965871886 +0200
-+++ python-cjson-1.0.5-new/jsontest.py 2010-07-06 23:29:41.901838748 +0200
-@@ -316,6 +316,18 @@
-
- def testWriteLong(self):
- self.assertEqual("12345678901234567890", cjson.encode(12345678901234567890))
-+
-+ def testWriteLongUnicode(self):
-+ # This test causes a buffer overrun in cjson 1.0.5, on UCS4 builds.
-+ # The string length is only resized for wide unicode characters if
-+ # there is less than 12 bytes of space left. Padding with
-+ # narrow-but-escaped characters prevents string resizing.
-+ # Note that u'\U0001D11E\u1234' also breaks, but sometimes goes
-+ # undetected.
-+ s = cjson.encode(u'\U0001D11E\U0001D11E\U0001D11E\U0001D11E'
-+ u'\u1234\u1234\u1234\u1234\u1234\u1234')
-+ self.assertEqual(r'"\U0001d11e\U0001d11e\U0001d11e\U0001d11e'
-+ r'\u1234\u1234\u1234\u1234\u1234\u1234"', s)
-
- def main():
- unittest.main()