ports/165239: lang/python27 2.x/3.x DoS vulnerable
Spil
spil.oss at gmail.com
Fri Feb 17 15:30:16 UTC 2012
>Number: 165239
>Category: ports
>Synopsis: lang/python27 2.x/3.x DoS vulnerable
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 17 15:30:15 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Spil
>Release: FreeBSD-9.0
>Organization:
n.a.
>Environment:
FreeBSD gw.example.org 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Mon Jan 9 09:24:45 CET 2012 root at gw.example.org:/usr/obj/usr/src/sys/FREEBSD90 i386
>Description:
DoS vuln Python
http://www.vuxml.org/freebsd/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html
http://bugs.python.org/issue14001
The Python bug report has a patch for the latest version but not for earlier versions.
>How-To-Repeat:
n.a.
>Fix:
As per the patch on http://bugs.python.org/issue14001
--- Lib/SimpleXMLRPCServer.py.orig 2011-06-11 17:46:23.000000000 +0200
+++ Lib/SimpleXMLRPCServer.py 2012-02-17 16:17:11.000000000 +0100
@@ -486,7 +486,10 @@
L = []
while size_remaining:
chunk_size = min(size_remaining, max_chunk_size)
- L.append(self.rfile.read(chunk_size))
+ chunk = self.rfile.read(chunk_size)
+ if not chunk:
+ break
+ L.append(chunk)
size_remaining -= len(L[-1])
data = ''.join(L)
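Review bot: The new `if not chunk: break` exits the loop on EOF, but the lines after it still run `data = ''.join(L)` on whatever was read, so a body shorter than the requested size is handled as if it were complete. Consider treating a short read as an error at the `break` (or checking `size_remaining` after the loop) instead of continuing with truncated data. The `break` would also benefit from a one-line comment saying that an empty read means the peer closed the connection. The context line `size_remaining -= len(L[-1])` would read more clearly as `len(chunk)` now that the chunk has a name.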
>Release-Note:
>Audit-Trail:
>Unformatted: