authorV3n3RiX <venerix@redcorelinux.org>2021-09-16 22:05:01 +0100
committerV3n3RiX <venerix@redcorelinux.org>2021-09-16 22:05:01 +0100
commitcc4618c9ba3d974948ebf340b542d8cb01db2f55 (patch)
tree125ee67bb9e0d548771cf7b61d04bb1f0dc57687 /dev-python/rencode/files
parent677b7ba5c317778df2ad7e70df94b9b7eec4adbc (diff)
gentoo resync : 16.09.2021
Diffstat (limited to 'dev-python/rencode/files')
-rw-r--r--dev-python/rencode/files/rencode-1.0.6-fix-CVE-2021-40839.patch34
1 files changed, 34 insertions, 0 deletions
diff --git a/dev-python/rencode/files/rencode-1.0.6-fix-CVE-2021-40839.patch b/dev-python/rencode/files/rencode-1.0.6-fix-CVE-2021-40839.patch
new file mode 100644
index 000000000000..0a997d408017
--- /dev/null
+++ b/dev-python/rencode/files/rencode-1.0.6-fix-CVE-2021-40839.patch
@@ -0,0 +1,34 @@
+From: Andrew Resch <andrewresch@gmail.com>
+Date: Mon, 9 Aug 2021 20:44:51 -0700
+Subject: [PATCH] Fix checking if typecode is valid while decoding.
+
+This bug will cause rencode to hang if the invalid typecode is included
+in a sequence type (list, dict) since the position will not change and
+the loop checking for the termination byte never returns.
+
+This change is a copy of PR #29 with a few aesthetic changes.
+
+--- a/rencode/rencode.pyx
++++ b/rencode/rencode.pyx
+@@ -527,6 +527,8 @@
+ return decode_fixed_dict(data, pos)
+ elif typecode == CHR_DICT:
+ return decode_dict(data, pos)
++ else:
++ raise ValueError("Invalid typecode: %d at pos: %d" % (typecode, pos[0]))
+
+ def loads(data, decode_utf8=False):
+ """
+--- a/tests/test_rencode.py
++++ b/tests/test_rencode.py
+@@ -223,5 +223,10 @@
+ assert rencode_orig.__version__
+ self.assertEqual(rencode.__version__[1:], rencode_orig.__version__[1:], "version number does not match")
+
++ def test_invalid_typecode(self):
++ s = b";\x2f\x7f"
++ with self.assertRaises(ValueError):
++ rencode.loads(s)
++
+ if __name__ == '__main__':
+ unittest.main()
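Review bot: The regression test `test_invalid_typecode` pins a single input, `b";\x2f\x7f"`, but the patch description says the hang affects both sequence types (list, dict). The leading `;` appears to open a list, so a second `assertRaises(ValueError)` case with a dict-opening byte in its place would cover the other container path. Because the original failure is a loop that never terminates, a regression would stall the test run instead of failing it, so this case is worth running under a test timeout. The new `else:` branch closes a typecode dispatch chain that starts outside the hunk, so the earlier branches cannot be checked from here. Callers that pass untrusted bytes to `rencode.loads` should treat `ValueError` as the expected result for malformed input.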