diff options
author | drochner <drochner> | 2012-02-15 12:21:40 +0000 |
---|---|---|
committer | drochner <drochner> | 2012-02-15 12:21:40 +0000 |
commit | d5a142acdb6c87f8f7f99dffd438823c7fe0c5ae (patch) | |
tree | e6808f7009a529056f14fd0b88328d4d88300183 /lang/python26/patches | |
parent | 16d33e1bbcb6f221486ce51a847aad7a0909aa00 (diff) | |
download | pkgsrc-d5a142acdb6c87f8f7f99dffd438823c7fe0c5ae.tar.gz |
add patch from Python issue#14001 to fix xmlrpc server endless loop
by malformed request
bump PKGREV
Diffstat (limited to 'lang/python26/patches')
-rw-r--r-- | lang/python26/patches/patch-CVE-2012-0845 | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/lang/python26/patches/patch-CVE-2012-0845 b/lang/python26/patches/patch-CVE-2012-0845 new file mode 100644 index 00000000000..dd6f32cd8f6 --- /dev/null +++ b/lang/python26/patches/patch-CVE-2012-0845 @@ -0,0 +1,18 @@ +$NetBSD: patch-CVE-2012-0845,v 1.1 2012/02/15 12:21:40 drochner Exp $ + +see python bug #14001 + +--- Lib/SimpleXMLRPCServer.py.orig 2009-04-05 21:34:15.000000000 +0000 ++++ Lib/SimpleXMLRPCServer.py +@@ -459,7 +459,10 @@ class SimpleXMLRPCRequestHandler(BaseHTT + L = [] + while size_remaining: + chunk_size = min(size_remaining, max_chunk_size) +- L.append(self.rfile.read(chunk_size)) ++ chunk = self.rfile.read(chunk_size) ++ if not chunk: ++ break ++ L.append(chunk) + size_remaining -= len(L[-1]) + data = ''.join(L) + |