leepa/CVE-2014-1912.patch

## CVE-2014-1912.patch
# HG changeset patch
# User Benjamin Peterson <benjamin@python.org>
# Date 1389671978 18000
# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9
# Parent  2631d33ee7fbd5f0288931ef37872218d511d2e8
complain when nbytes > buflen to fix possible buffer overflow (closes #20246)

# HG changeset patch
# User Stefan Krah <skrah@bytereef.org>
# Date 1390341952 -3600
# Node ID b6c5a37b221f5c617125faa363d1b460b0b61b42
# Parent  d55d1cbf5f9a9efa7908fc9412bae676a6b675ef
Issue #20246: Fix test failures on FreeBSD. Patch by Ryan Smith-Roberts.

diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
--- Lib/test/test_socket.py
+++ Lib/test/test_socket.py
@@ -1620,6 +1620,16 @@ class BufferIOTest(SocketConnectedTest):

     _testRecvFromIntoMemoryview = _testRecvFromIntoArray

+    def testRecvFromIntoSmallBuffer(self):
+        # See issue #20246.
+        buf = bytearray(8)
+        self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
+
+    def _testRecvFromIntoSmallBuffer(self):
+        with test_support.check_py3k_warnings():
+            buf = buffer(MSG)
+        self.serv_conn.send(buf)
+

 TIPC_STYPE = 2000
 TIPC_LOWER = 200

diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
--- Modules/socketmodule.c
+++ Modules/socketmodule.c
@@ -2742,6 +2742,10 @@ sock_recvfrom_into(PySocketSockObject *s
     if (recvlen == 0) {
         /* If nbytes was not specified, use the buffer's length */
         recvlen = buflen;
+    } else if (recvlen > buflen) {
+        PyErr_SetString(PyExc_ValueError,
+                        "nbytes is greater than the length of the buffer");
+        goto error;
     }

     readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
	# HG changeset patch
	# User Benjamin Peterson <benjamin@python.org>
	# Date 1389671978 18000
	# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9
	# Parent 2631d33ee7fbd5f0288931ef37872218d511d2e8
	complain when nbytes > buflen to fix possible buffer overflow (closes #20246)

	# HG changeset patch
	# User Stefan Krah <skrah@bytereef.org>
	# Date 1390341952 -3600
	# Node ID b6c5a37b221f5c617125faa363d1b460b0b61b42
	# Parent d55d1cbf5f9a9efa7908fc9412bae676a6b675ef
	Issue #20246: Fix test failures on FreeBSD. Patch by Ryan Smith-Roberts.

	diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
	--- Lib/test/test_socket.py
	+++ Lib/test/test_socket.py
	@@ -1620,6 +1620,16 @@ class BufferIOTest(SocketConnectedTest):

	_testRecvFromIntoMemoryview = _testRecvFromIntoArray

	+ def testRecvFromIntoSmallBuffer(self):
	+ # See issue #20246.
	+ buf = bytearray(8)
	+ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
	+
	+ def _testRecvFromIntoSmallBuffer(self):
	+ with test_support.check_py3k_warnings():
	+ buf = buffer(MSG)
	+ self.serv_conn.send(buf)
	+

	TIPC_STYPE = 2000
	TIPC_LOWER = 200

	diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
	--- Modules/socketmodule.c
	+++ Modules/socketmodule.c
	@@ -2742,6 +2742,10 @@ sock_recvfrom_into(PySocketSockObject *s
	if (recvlen == 0) {
	/* If nbytes was not specified, use the buffer's length */
	recvlen = buflen;
	+ } else if (recvlen > buflen) {
	+ PyErr_SetString(PyExc_ValueError,
	+ "nbytes is greater than the length of the buffer");
	+ goto error;
	}

	readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);