main/python: security fix for CVE-2014-1912

fixes #2710

2 files changed, 21 insertions, 2 deletions

diff --git a/main/python/APKBUILD b/main/python/APKBUILD
index 95b241da9b..f814f3d3bb 100644
--- a/main/python/APKBUILD
+++ b/main/python/APKBUILD
@@ -2,7 +2,7 @@
 pkgname=python
 pkgver=2.7.2
 _verbase=${pkgver%.*}
-pkgrel=3
+pkgrel=4
 pkgdesc="A high-level scripting language"
 url="http://www.python.org"
 arch="all"
@@ -15,6 +15,7 @@ depends=
 makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev
 	gdbm-dev sqlite-dev libffi-dev readline-dev"
 source="http://www.$pkgname.org/ftp/$pkgname/$pkgver/Python-$pkgver.tar.bz2
+	recvfrom_into_buffer_overflow_2.7.patch
 	"
 
 prepare() {
@@ -75,4 +76,5 @@ gdbm() {
 	_mv_files $(find usr/lib -name '*gdbm*')
 }
 
-md5sums="ba7b2f11ffdbf195ee0d111b9455a5bd  Python-2.7.2.tar.bz2"
+md5sums="ba7b2f11ffdbf195ee0d111b9455a5bd  Python-2.7.2.tar.bz2
+9bfbe06cf0752d5906992bb1e09198ca  recvfrom_into_buffer_overflow_2.7.patch"
diff --git a/main/python/recvfrom_into_buffer_overflow_2.7.patch b/main/python/recvfrom_into_buffer_overflow_2.7.patch
new file mode 100644
index 0000000000..37e786bd3a
--- /dev/null
+++ b/main/python/recvfrom_into_buffer_overflow_2.7.patch
@@ -0,0 +1,17 @@
+diff -r 40fb60df4755 Modules/socketmodule.c
+--- a/Modules/socketmodule.c	Sun Jan 12 12:11:47 2014 +0200
++++ b/Modules/socketmodule.c	Mon Jan 13 16:36:35 2014 -0800
+@@ -2744,6 +2744,13 @@
+         recvlen = buflen;
+     }
+ 
++    /* Check if the buffer is large enough */
++    if (buflen < recvlen) {
++        PyErr_SetString(PyExc_ValueError,
++                        "buffer too small for requested bytes");
++        goto error;
++    }
++
+     readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
+     if (readlen < 0) {
+         /* Return an error */