[Python-checkins] r67197 - in python/branches/release24-maint: Misc/NEWS Modules/zlibmodule.c
matthias.klose
python-checkins at python.org
Wed Nov 12 08:02:25 CET 2008
Author: matthias.klose
Date: Wed Nov 12 08:02:24 2008
New Revision: 67197
Log:
- Issue #2586: Fix CVE-2008-1721, zlib crash from
zlib.decompressobj().flush(val) when val is not positive.
Modified:
python/branches/release24-maint/Misc/NEWS
python/branches/release24-maint/Modules/zlibmodule.c
Modified: python/branches/release24-maint/Misc/NEWS
==============================================================================
--- python/branches/release24-maint/Misc/NEWS (original)
+++ python/branches/release24-maint/Misc/NEWS Wed Nov 12 08:02:24 2008
@@ -24,6 +24,9 @@
- Issue #1179: Fix CVE-2007-4965 and CVE-2008-1679, multiple integer
overflows in the imageop and rgbimgmodule modules.
+- Issue #2586: Fix CVE-2008-1721, zlib crash from
+ zlib.decompressobj().flush(val) when val is not positive.
+
Extension Modules
-----------------
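Review bot: The added NEWS entry under Issue #2586 names the crash but not the resulting behaviour. Since zlib.decompressobj().flush(val) now raises ValueError for a non-positive val, consider saying so in the entry, so that callers who passed 0 or a negative value know to expect an exception.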
Modified: python/branches/release24-maint/Modules/zlibmodule.c
==============================================================================
--- python/branches/release24-maint/Modules/zlibmodule.c (original)
+++ python/branches/release24-maint/Modules/zlibmodule.c Wed Nov 12 08:02:24 2008
@@ -669,6 +669,10 @@
if (!PyArg_ParseTuple(args, "|i:flush", &length))
return NULL;
+ if (length <= 0) {
+ PyErr_SetString(PyExc_ValueError, "length must be greater than zero");
+ return NULL;
+ }
if (!(retval = PyString_FromStringAndSize(NULL, length)))
return NULL;
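Review bot: No regression test accompanies the `length <= 0` check added ahead of `PyString_FromStringAndSize(NULL, length)`; the changeset modifies only Misc/NEWS and Modules/zlibmodule.c. Suggest adding a test that calls zlib.decompressobj().flush() with 0 and with a negative value and asserts ValueError, so the guard cannot be removed unnoticed. The placement itself is right: the check runs after argument parsing and before length is used as an allocation size. Note that it rejects zero as well as negative values, which matches "not positive" in the log message.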