unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#46856] [PATCH] gnu: Python 2: Fix CVE-2021-3177.
@ 2021-03-01 19:58 Leo Famulari
  2021-03-02 21:58 ` bug#46856: " Leo Famulari
  0 siblings, 1 reply; 2+ messages in thread
From: Leo Famulari @ 2021-03-01 19:58 UTC (permalink / raw)
  To: 46856

* gnu/packages/patches/python-2.7-CVE-2021-3177.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-2.7)[replacement]: New field.
(python-2.7/fixed): New variable.
---
 gnu/local.mk                                  |   1 +
 .../patches/python-2.7-CVE-2021-3177.patch    | 157 ++++++++++++++++++
 gnu/packages/python.scm                       |   9 +
 3 files changed, 167 insertions(+)
 create mode 100644 gnu/packages/patches/python-2.7-CVE-2021-3177.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 0954158d4c..0f8fb20e83 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1518,6 +1518,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-2.7-search-paths.patch		\
   %D%/packages/patches/python-2.7-site-prefixes.patch		\
   %D%/packages/patches/python-2.7-source-date-epoch.patch	\
+  %D%/packages/patches/python-2.7-CVE-2021-3177.patch		\
   %D%/packages/patches/python-3-arm-alignment.patch		\
   %D%/packages/patches/python-3-deterministic-build-info.patch	\
   %D%/packages/patches/python-3-search-paths.patch		\
diff --git a/gnu/packages/patches/python-2.7-CVE-2021-3177.patch b/gnu/packages/patches/python-2.7-CVE-2021-3177.patch
new file mode 100644
index 0000000000..9f2032ad4a
--- /dev/null
+++ b/gnu/packages/patches/python-2.7-CVE-2021-3177.patch
@@ -0,0 +1,157 @@
+Fix CVE-2021-3177 for Python 2.7:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
+
+Patch copied from Debian:
+
+https://salsa.debian.org/cpython-team/python2/-/blob/e54f3303884f1362f3311ec36f070b40603dd76e/debian/patches/CVE-2021-3177.diff
+
+bpo-42938: Replace snprintf with Python unicode formatting in ctypes param reprs.
+--- a/Lib/ctypes/test/test_parameters.py
++++ b/Lib/ctypes/test/test_parameters.py
+@@ -206,6 +206,49 @@ class SimpleTypesTestCase(unittest.TestC
+         with self.assertRaises(ZeroDivisionError):
+             WorseStruct().__setstate__({}, b'foo')
+ 
++    def test_parameter_repr(self):
++        from ctypes import (
++            c_bool,
++            c_char,
++            c_wchar,
++            c_byte,
++            c_ubyte,
++            c_short,
++            c_ushort,
++            c_int,
++            c_uint,
++            c_long,
++            c_ulong,
++            c_longlong,
++            c_ulonglong,
++            c_float,
++            c_double,
++            c_longdouble,
++            c_char_p,
++            c_wchar_p,
++            c_void_p,
++        )
++        self.assertRegexpMatches(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
++        self.assertEqual(repr(c_char.from_param('a')), "<cparam 'c' (a)>")
++        self.assertRegexpMatches(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
++        self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
++        self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
++        self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
++        self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
++        self.assertRegexpMatches(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++        self.assertRegexpMatches(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++        self.assertRegexpMatches(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++        self.assertRegexpMatches(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++        self.assertRegexpMatches(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
++        self.assertRegexpMatches(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
++        self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
++        self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
++        self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
++        self.assertRegexpMatches(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
++        self.assertRegexpMatches(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
++        self.assertRegexpMatches(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
++        self.assertRegexpMatches(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
++
+ ################################################################
+ 
+ if __name__ == '__main__':
+--- a/Modules/_ctypes/callproc.c
++++ b/Modules/_ctypes/callproc.c
+@@ -460,50 +460,53 @@ PyCArg_dealloc(PyCArgObject *self)
+ static PyObject *
+ PyCArg_repr(PyCArgObject *self)
+ {
+-    char buffer[256];
+     switch(self->tag) {
+     case 'b':
+     case 'B':
+-        sprintf(buffer, "<cparam '%c' (%d)>",
++        return PyString_FromFormat("<cparam '%c' (%d)>",
+             self->tag, self->value.b);
+-        break;
+     case 'h':
+     case 'H':
+-        sprintf(buffer, "<cparam '%c' (%d)>",
++        return PyString_FromFormat("<cparam '%c' (%d)>",
+             self->tag, self->value.h);
+-        break;
+     case 'i':
+     case 'I':
+-        sprintf(buffer, "<cparam '%c' (%d)>",
++        return PyString_FromFormat("<cparam '%c' (%d)>",
+             self->tag, self->value.i);
+-        break;
+     case 'l':
+     case 'L':
+-        sprintf(buffer, "<cparam '%c' (%ld)>",
++        return PyString_FromFormat("<cparam '%c' (%ld)>",
+             self->tag, self->value.l);
+-        break;
+ 
+ #ifdef HAVE_LONG_LONG
+     case 'q':
+     case 'Q':
+-        sprintf(buffer,
+-            "<cparam '%c' (%" PY_FORMAT_LONG_LONG "d)>",
++        return PyString_FromFormat("<cparam '%c' (%" PY_FORMAT_LONG_LONG "d)>",
+             self->tag, self->value.q);
+-        break;
+ #endif
+     case 'd':
+-        sprintf(buffer, "<cparam '%c' (%f)>",
+-            self->tag, self->value.d);
+-        break;
+-    case 'f':
+-        sprintf(buffer, "<cparam '%c' (%f)>",
+-            self->tag, self->value.f);
+-        break;
++    case 'f': {
++        PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
++        if (f == NULL) {
++            return NULL;
++        }
++        PyObject *r = PyObject_Repr(f);
++        Py_DECREF(f);
++        if (r == NULL) {
++            return NULL;
++        }
++        char *value = PyString_AsString(r);
++        if (value == NULL) {
++            return NULL;
++        }
++        PyObject *result = PyString_FromFormat("<cparam '%c' (%s)>", self->tag, value);
++        Py_DECREF(r);
++        return result;
++    }
+ 
+     case 'c':
+-        sprintf(buffer, "<cparam '%c' (%c)>",
++        return PyString_FromFormat("<cparam '%c' (%c)>",
+             self->tag, self->value.c);
+-        break;
+ 
+ /* Hm, are these 'z' and 'Z' codes useful at all?
+    Shouldn't they be replaced by the functionality of c_string
+@@ -512,16 +515,13 @@ PyCArg_repr(PyCArgObject *self)
+     case 'z':
+     case 'Z':
+     case 'P':
+-        sprintf(buffer, "<cparam '%c' (%p)>",
++        return PyString_FromFormat("<cparam '%c' (%p)>",
+             self->tag, self->value.p);
+-        break;
+ 
+     default:
+-        sprintf(buffer, "<cparam '%c' at %p>",
++        return PyString_FromFormat("<cparam '%c' at %p>",
+             self->tag, self);
+-        break;
+     }
+-    return PyString_FromString(buffer);
+ }
+ 
+ static PyMemberDef PyCArgType_members[] = {
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 9d97050c66..e05c91b3d0 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -107,6 +107,7 @@
 (define-public python-2.7
   (package
     (name "python2")
+    (replacement python-2.7/fixed)
     (version "2.7.17")
     (source
      (origin
@@ -350,6 +351,14 @@ data types.")
     (properties '((cpe-name . "python")))
     (license license:psfl)))
 
+(define python-2.7/fixed
+  (package
+    (inherit python-2.7)
+    (source (origin
+              (inherit (package-source python-2.7))
+              (patches (append (search-patches "python-2.7-CVE-2021-3177.patch")
+                               (origin-patches (package-source python-2.7))))))))
+
 ;; Current 2.x version.
 (define-public python-2 python-2.7)
 
-- 
2.30.1





^ permalink raw reply related	[flat|nested] 2+ messages in thread

* bug#46856: [PATCH] gnu: Python 2: Fix CVE-2021-3177.
  2021-03-01 19:58 [bug#46856] [PATCH] gnu: Python 2: Fix CVE-2021-3177 Leo Famulari
@ 2021-03-02 21:58 ` Leo Famulari
  0 siblings, 0 replies; 2+ messages in thread
From: Leo Famulari @ 2021-03-02 21:58 UTC (permalink / raw)
  To: 46856-done

Pushed as 3905580180d8f8ed1eec07baa307b4bff0d726d6




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-03-02 21:59 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-03-01 19:58 [bug#46856] [PATCH] gnu: Python 2: Fix CVE-2021-3177 Leo Famulari
2021-03-02 21:58 ` bug#46856: " Leo Famulari

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).