Date: Fri, 17 Feb 2012 15:26:17 GMT From: Spil <spil.oss@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/165239: lang/python27 2.x/3.x DoS vulnerable Message-ID: <201202171526.q1HFQHUH053984@red.freebsd.org> Resent-Message-ID: <201202171530.q1HFUFwK051790@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 165239 >Category: ports >Synopsis: lang/python27 2.x/3.x DoS vulnerable >Confidential: no >Severity: non-critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Fri Feb 17 15:30:15 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Spil >Release: FreeBSD-9.0 >Organization: n.a. >Environment: FreeBSD gw.example.org 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Mon Jan 9 09:24:45 CET 2012 root@gw.example.org:/usr/obj/usr/src/sys/FREEBSD90 i386 >Description: DoS vuln Python http://www.vuxml.org/freebsd/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html http://bugs.python.org/issue14001 python bug report has a patch for the latest version but not for earlier versions >How-To-Repeat: n.a. >Fix: As per the patch on http://bugs.python.org/issue14001 --- Lib/SimpleXMLRPCServer.py.orig 2011-06-11 17:46:23.000000000 +0200 +++ Lib/SimpleXMLRPCServer.py 2012-02-17 16:17:11.000000000 +0100 @@ -486,7 +486,10 @@ L = [] while size_remaining: chunk_size = min(size_remaining, max_chunk_size) - L.append(self.rfile.read(chunk_size)) + chunk = self.rfile.read(chunk_size) + if not chunk: + break + L.append(chunk) size_remaining -= len(L[-1]) data = ''.join(L) >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202171526.q1HFQHUH053984>