Diffstat (limited to 'lang/python27/patches/patch-CVE-2012-1150-Objects_bufferobject.c')
-rw-r--r-- | lang/python27/patches/patch-CVE-2012-1150-Objects_bufferobject.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/lang/python27/patches/patch-CVE-2012-1150-Objects_bufferobject.c b/lang/python27/patches/patch-CVE-2012-1150-Objects_bufferobject.c
new file mode 100644
index 00000000000..71661719084
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-Objects_bufferobject.c
@@ -0,0 +1,30 @@
+$NetBSD: patch-CVE-2012-1150-Objects_bufferobject.c,v 1.1 2012/03/24 12:04:37 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/a0f43f4481e0
+
+--- Objects/bufferobject.c.orig 2011-06-11 16:46:27.000000000 +0100
++++ Objects/bufferobject.c 2012-03-24 11:02:25.000000000 +0000
+@@ -334,10 +334,20 @@
+ return -1;
+ p = (unsigned char *) ptr;
+ len = size;
+- x = *p << 7;
++ /*
++ We make the hash of the empty buffer be 0, rather than using
++ (prefix ^ suffix), since this slightly obfuscates the hash secret
++ */
++ if (len == 0) {
++ self->b_hash = 0;
++ return 0;
++ }
++ x = _Py_HashSecret.prefix;
++ x ^= *p << 7;
+ while (--len >= 0)
+ x = (1000003*x) ^ *p++;
+ x ^= size;
++ x ^= _Py_HashSecret.suffix;
+ if (x == -1)
+ x = -2;
+ self->b_hash = x; |
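Review bot: The patch description at the top of the new file says only "Fix for CVE-2012-1150" and does not record that hash randomization in Python 2.7 is opt-in, so a reader may assume the added `_Py_HashSecret.prefix` / `.suffix` mixing is active by default. Unless the interpreter is started with `-R` or `PYTHONHASHSEED` is set, both secrets are zero and the hash of a non-empty buffer is the same as before this change. I would add a line to the description such as `Randomization is off by default; enable with python -R or PYTHONHASHSEED.` `_Py_HashSecret` is not declared in this hunk and presumably comes from a companion patch, and the patched function begins and ends outside the inner hunk.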