Issue #22885: Fixed arbitrary code execution vulnerability in the dumbdbm
authorSerhiy Storchaka <storchaka@gmail.com>
Sun, 15 Feb 2015 22:29:52 +0000 (00:29 +0200)
committerSerhiy Storchaka <storchaka@gmail.com>
Sun, 15 Feb 2015 22:29:52 +0000 (00:29 +0200)
module.  Original patch by Claudiu Popa.

Lib/dumbdbm.py
Lib/test/test_dumbdbm.py
Misc/NEWS

index 4a0c3a7852e600b000419012aa868d710103996f..46d543df0c3a4a11650e6dfd40296c171949c06d 100644 (file)
@@ -21,6 +21,7 @@ is read when the database is opened, and some updates rewrite the whole index)
 
 """
 
+import ast as _ast
 import os as _os
 import __builtin__
 import UserDict
@@ -85,7 +86,7 @@ class _Database(UserDict.DictMixin):
             with f:
                 for line in f:
                     line = line.rstrip()
-                    key, pos_and_siz_pair = eval(line)
+                    key, pos_and_siz_pair = _ast.literal_eval(line)
                     self._index[key] = pos_and_siz_pair
 
     # Write the index dict to the directory file.  The original directory
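Review bot: The replaced parse line deserves a why-comment, because a later reader may take literal_eval for a needless restriction and revert it: `# The .dir index is untrusted on-disk input: literal_eval accepts only Python literals, never code (Issue #22885)`. With this change a tampered or corrupt index line now raises instead of running, but two exception types can escape: literal_eval raises ValueError for a non-literal expression (the new test pins exactly that) and SyntaxError for a line that does not parse at all, and both propagate out of dumbdbm.open; if callers should see one error for a bad index, wrap the call in `except (ValueError, SyntaxError):` and re-raise a single error naming the index file. The enclosing method starts and ends outside the hunk, so the surrounding `with f:` loop is only partly visible here.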
index 6f5324fd948fe37aac35928ba733e4b09465a017..6520efdb83aeaa5d3415bfbe4a28718037992659 100644 (file)
@@ -160,6 +160,14 @@ class DumbDBMTestCase(unittest.TestCase):
             self.assertEqual(expected, got)
             f.close()
 
+    def test_eval(self):
+        with open(_fname + '.dir', 'w') as stream:
+            stream.write("str(__import__('sys').stdout.write('Hacked!')), 0\n")
+        with test_support.captured_stdout() as stdout:
+            with self.assertRaises(ValueError):
+                dumbdbm.open(_fname).close()
+            self.assertEqual(stdout.getvalue(), '')
+
     def tearDown(self):
         _delete_files()
 
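Review bot: The new test's name, `test_eval`, names the mechanism rather than the guarantee; a docstring such as `"""Issue #22885: a crafted .dir index must not execute code when the database is opened."""` (or a name like `test_index_not_evaluated`) would make the regression it guards obvious. The empty-stdout assertion on its last line is what actually proves nothing ran and should survive any later change of exception type, whereas the `ValueError` expectation is a detail of ast.literal_eval on a call expression; a syntactically invalid index line would raise SyntaxError instead, which this test does not exercise. Removal of the written `.dir` file appears to rely on `_delete_files()` in the tearDown just below the added method.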
index 64ab3e5e18f5ed7754d0296583932b66739902f7..5f9c8144b8420498e53ac24973c9bfd9ed2fe459 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -18,6 +18,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #22885: Fixed arbitrary code execution vulnerability in the dumbdbm
+  module.  Original patch by Claudiu Popa.
+
 - Issue #21849: Fixed xmlrpclib serialization of non-ASCII unicode strings in
   the multiprocessing module.