diff options
Diffstat (limited to 'lang/python26/patches/patch-af')
-rw-r--r-- | lang/python26/patches/patch-af | 326 |
1 files changed, 326 insertions, 0 deletions
diff --git a/lang/python26/patches/patch-af b/lang/python26/patches/patch-af new file mode 100644 index 00000000000..5ab3b81d3f8 --- /dev/null +++ b/lang/python26/patches/patch-af @@ -0,0 +1,326 @@ +$NetBSD: patch-af,v 1.1.2.2 2010/06/29 18:38:15 spz Exp $ + +Fix for the memory corruption caused by the "audioop" module reported +in CVE-2010-2089. Patch taken from here: + +https://bugzilla.redhat.com/attachment.cgi?id=418359&action=diff + +--- Modules/audioop.c.orig 2010-06-29 09:09:00.000000000 +0100 ++++ Modules/audioop.c 2010-06-29 09:09:00.000000000 +0100 +@@ -295,6 +295,29 @@ + + static PyObject *AudioopError; + ++static int ++audioop_check_size(int size) ++{ ++ if ( size != 1 && size != 2 && size != 4 ) { ++ PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); ++ return 0; ++ } else { ++ return 1; ++ } ++} ++ ++static int ++audioop_check_parameters(int len, int size) ++{ ++ if (!audioop_check_size(size)) ++ return 0; ++ if ( len % size != 0 ) { ++ PyErr_SetString(AudioopError, "not a whole number of frames"); ++ return 0; ++ } ++ return 1; ++} ++ + static PyObject * + audioop_getsample(PyObject *self, PyObject *args) + { +@@ -304,10 +327,8 @@ + + if ( !PyArg_ParseTuple(args, "s#ii:getsample", &cp, &len, &size, &i) ) + return 0; +- if ( size != 1 && size != 2 && size != 4 ) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + if ( i < 0 || i >= len/size ) { + PyErr_SetString(AudioopError, "Index out of range"); + return 0; +@@ -328,10 +349,8 @@ + + if ( !PyArg_ParseTuple(args, "s#i:max", &cp, &len, &size) ) + return 0; +- if ( size != 1 && size != 2 && size != 4 ) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + for ( i=0; i<len; i+= size) { + if ( size == 1 ) val = (int)*CHARP(cp, i); + else if ( size == 2 ) val = (int)*SHORTP(cp, i); +@@ -352,10 +371,8 @@ + + if (!PyArg_ParseTuple(args, "s#i:minmax", &cp, &len, &size)) + return NULL; +- if (size != 1 && size != 2 && size != 4) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); ++ if (!audioop_check_parameters(len, size)) + return NULL; +- } + for (i = 0; i < len; i += size) { + if (size == 1) val = (int) *CHARP(cp, i); + else if (size == 2) val = (int) *SHORTP(cp, i); +@@ -376,10 +393,8 @@ + + if ( !PyArg_ParseTuple(args, "s#i:avg", &cp, &len, &size) ) + return 0; +- if ( size != 1 && size != 2 && size != 4 ) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + for ( i=0; i<len; i+= size) { + if ( size == 1 ) val = (int)*CHARP(cp, i); + else if ( size == 2 ) val = (int)*SHORTP(cp, i); +@@ -403,10 +418,8 @@ + + if ( !PyArg_ParseTuple(args, "s#i:rms", &cp, &len, &size) ) + return 0; +- if ( size != 1 && size != 2 && size != 4 ) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + for ( i=0; i<len; i+= size) { + if ( size == 1 ) val = (int)*CHARP(cp, i); + else if ( size == 2 ) val = (int)*SHORTP(cp, i); +@@ -614,10 +627,8 @@ + + if ( !PyArg_ParseTuple(args, "s#i:avgpp", &cp, &len, &size) ) + return 0; +- if ( size != 1 && size != 2 && size != 4 ) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + /* Compute first delta value ahead. Also automatically makes us + ** skip the first extreme value + */ +@@ -671,10 +682,8 @@ + + if ( !PyArg_ParseTuple(args, "s#i:maxpp", &cp, &len, &size) ) + return 0; +- if ( size != 1 && size != 2 && size != 4 ) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + /* Compute first delta value ahead. Also automatically makes us + ** skip the first extreme value + */ +@@ -722,10 +731,8 @@ + + if ( !PyArg_ParseTuple(args, "s#i:cross", &cp, &len, &size) ) + return 0; +- if ( size != 1 && size != 2 && size != 4 ) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + ncross = -1; + prevval = 17; /* Anything <> 0,1 */ + for ( i=0; i<len; i+= size) { +@@ -750,6 +757,8 @@ + + if ( !PyArg_ParseTuple(args, "s#id:mul", &cp, &len, &size, &factor ) ) + return 0; ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + + if ( size == 1 ) maxval = (double) 0x7f; + else if ( size == 2 ) maxval = (double) 0x7fff; +@@ -792,6 +801,12 @@ + if ( !PyArg_ParseTuple(args, "s#idd:tomono", + &cp, &len, &size, &fac1, &fac2 ) ) + return 0; ++ if (!audioop_check_parameters(len, size)) ++ return NULL; ++ if ( ((len / size) & 1) != 0 ) { ++ PyErr_SetString(AudioopError, "not a whole number of frames"); ++ return NULL; ++ } + + if ( size == 1 ) maxval = (double) 0x7f; + else if ( size == 2 ) maxval = (double) 0x7fff; +@@ -837,6 +852,8 @@ + if ( !PyArg_ParseTuple(args, "s#idd:tostereo", + &cp, &len, &size, &fac1, &fac2 ) ) + return 0; ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + + if ( size == 1 ) maxval = (double) 0x7f; + else if ( size == 2 ) maxval = (double) 0x7fff; +@@ -896,7 +913,8 @@ + if ( !PyArg_ParseTuple(args, "s#s#i:add", + &cp1, &len1, &cp2, &len2, &size ) ) + return 0; +- ++ if (!audioop_check_parameters(len1, size)) ++ return NULL; + if ( len1 != len2 ) { + PyErr_SetString(AudioopError, "Lengths should be the same"); + return 0; +@@ -950,11 +968,8 @@ + if ( !PyArg_ParseTuple(args, "s#ii:bias", + &cp, &len, &size , &bias) ) + return 0; +- +- if ( size != 1 && size != 2 && size != 4) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + + rv = PyString_FromStringAndSize(NULL, len); + if ( rv == 0 ) +@@ -986,12 +1001,9 @@ + if ( !PyArg_ParseTuple(args, "s#i:reverse", + &cp, &len, &size) ) + return 0; ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + +- if ( size != 1 && size != 2 && size != 4 ) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } +- + rv = PyString_FromStringAndSize(NULL, len); + if ( rv == 0 ) + return 0; +@@ -1023,12 +1035,10 @@ + if ( !PyArg_ParseTuple(args, "s#ii:lin2lin", + &cp, &len, &size, &size2) ) + return 0; +- +- if ( (size != 1 && size != 2 && size != 4) || +- (size2 != 1 && size2 != 2 && size2 != 4)) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_parameters(len, size)) ++ return NULL; ++ if (!audioop_check_size(size2)) ++ return NULL; + + new_len = (len/size)*size2; + if (new_len < 0) { +@@ -1080,10 +1090,8 @@ + &nchannels, &inrate, &outrate, &state, + &weightA, &weightB)) + return NULL; +- if (size != 1 && size != 2 && size != 4) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); ++ if (!audioop_check_size(size)) + return NULL; +- } + if (nchannels < 1) { + PyErr_SetString(AudioopError, "# of channels should be >= 1"); + return NULL; +@@ -1269,11 +1277,8 @@ + if ( !PyArg_ParseTuple(args, "s#i:lin2ulaw", + &cp, &len, &size) ) + return 0 ; +- +- if ( size != 1 && size != 2 && size != 4) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + + rv = PyString_FromStringAndSize(NULL, len/size); + if ( rv == 0 ) +@@ -1303,11 +1308,8 @@ + if ( !PyArg_ParseTuple(args, "s#i:ulaw2lin", + &cp, &len, &size) ) + return 0; +- +- if ( size != 1 && size != 2 && size != 4) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_size(size)) ++ return NULL; + + new_len = len*size; + if (new_len < 0) { +@@ -1343,11 +1345,8 @@ + if ( !PyArg_ParseTuple(args, "s#i:lin2alaw", + &cp, &len, &size) ) + return 0; +- +- if ( size != 1 && size != 2 && size != 4) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + + rv = PyString_FromStringAndSize(NULL, len/size); + if ( rv == 0 ) +@@ -1377,11 +1376,8 @@ + if ( !PyArg_ParseTuple(args, "s#i:alaw2lin", + &cp, &len, &size) ) + return 0; +- +- if ( size != 1 && size != 2 && size != 4) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_size(size)) ++ return NULL; + + new_len = len*size; + if (new_len < 0) { +@@ -1418,12 +1414,8 @@ + if ( !PyArg_ParseTuple(args, "s#iO:lin2adpcm", + &cp, &len, &size, &state) ) + return 0; +- +- +- if ( size != 1 && size != 2 && size != 4) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_parameters(len, size)) ++ return NULL; + + str = PyString_FromStringAndSize(NULL, len/(size*2)); + if ( str == 0 ) +@@ -1526,11 +1518,8 @@ + if ( !PyArg_ParseTuple(args, "s#iO:adpcm2lin", + &cp, &len, &size, &state) ) + return 0; +- +- if ( size != 1 && size != 2 && size != 4) { +- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4"); +- return 0; +- } ++ if (!audioop_check_size(size)) ++ return NULL; + + /* Decode state, should have (value, step) */ + if ( state == Py_None ) { |