Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb

module.  Original patch by Claudiu Popa.
This commit is contained in:
Serhiy Storchaka 2015-02-16 00:32:41 +02:00
commit 23edd49e5b
3 changed files with 14 additions and 1 deletions

View File

@ -21,6 +21,7 @@ is read when the database is opened, and some updates rewrite the whole index)
"""
import ast as _ast
import io as _io
import os as _os
import collections
@ -95,7 +96,7 @@ class _Database(collections.MutableMapping):
with f:
for line in f:
line = line.rstrip()
key, pos_and_siz_pair = eval(line)
key, pos_and_siz_pair = _ast.literal_eval(line)
key = key.encode('Latin-1')
self._index[key] = pos_and_siz_pair

View File

@ -225,6 +225,15 @@ class DumbDBMTestCase(unittest.TestCase):
with dumbdbm.open(_fname, 'n') as f:
self.assertEqual(f.keys(), [])
def test_eval(self):
with open(_fname + '.dir', 'w') as stream:
stream.write("str(print('Hacked!')), 0\n")
with support.captured_stdout() as stdout:
with self.assertRaises(ValueError):
with dumbdbm.open(_fname) as f:
pass
self.assertEqual(stdout.getvalue(), '')
def tearDown(self):
_delete_files()

View File

@ -13,6 +13,9 @@ Core and Builtins
Library
-------
- Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb
module. Original patch by Claudiu Popa.
- Issue #23239: ssl.match_hostname() now supports matching of IP addresses.
- Issue #23146: Fix mishandling of absolute Windows paths with forward