apply fix for CVE-2012-0845 to other Python versions too

(2.4 is not affected)
author: drochner <drochner@pkgsrc.org> 2012-02-15 16:08:25 +0000
committer: drochner <drochner@pkgsrc.org> 2012-02-15 16:08:25 +0000
commit: 243a70cc45e3e7dbb52888325362ea636f239b2f (patch)
tree: 63f9e8b430d7a688339bcd68ef97fc3ce4460fff /lang/python27/patches
parent: adb2bfbf61bc473f0505afeec6428fb9579d4806 (diff)
download: pkgsrc-243a70cc45e3e7dbb52888325362ea636f239b2f.tar.gz
1 files changed, 18 insertions, 0 deletions
diff --git a/lang/python27/patches/patch-CVE-2012-0845 b/lang/python27/patches/patch-CVE-2012-0845
new file mode 100644
index 00000000000..e086a0b233e
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-0845
@@ -0,0 +1,18 @@
+$NetBSD: patch-CVE-2012-0845,v 1.1 2012/02/15 16:08:26 drochner Exp $
+
+see python bug #14001
+
+--- Lib/SimpleXMLRPCServer.py.orig	2009-04-05 21:34:15.000000000 +0000
++++ Lib/SimpleXMLRPCServer.py
+@@ -459,7 +459,10 @@ class SimpleXMLRPCRequestHandler(BaseHTT
+             L = []
+             while size_remaining:
+                 chunk_size = min(size_remaining, max_chunk_size)
+-                L.append(self.rfile.read(chunk_size))
++                chunk = self.rfile.read(chunk_size)
++                if not chunk:
++                    break
++                L.append(chunk)
+                 size_remaining -= len(L[-1])
+             data = ''.join(L)
+
author	drochner <drochner@pkgsrc.org>	2012-02-15 16:08:25 +0000
committer	drochner <drochner@pkgsrc.org>	2012-02-15 16:08:25 +0000
commit	243a70cc45e3e7dbb52888325362ea636f239b2f (patch)
tree	63f9e8b430d7a688339bcd68ef97fc3ce4460fff /lang/python27/patches
parent	adb2bfbf61bc473f0505afeec6428fb9579d4806 (diff)
download	pkgsrc-243a70cc45e3e7dbb52888325362ea636f239b2f.tar.gz