Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb
module. Original patch by Claudiu Popa.
This commit is contained in:
commit
23edd49e5b
|
@ -21,6 +21,7 @@ is read when the database is opened, and some updates rewrite the whole index)
|
|||
|
||||
"""
|
||||
|
||||
import ast as _ast
|
||||
import io as _io
|
||||
import os as _os
|
||||
import collections
|
||||
|
@ -95,7 +96,7 @@ class _Database(collections.MutableMapping):
|
|||
with f:
|
||||
for line in f:
|
||||
line = line.rstrip()
|
||||
key, pos_and_siz_pair = eval(line)
|
||||
key, pos_and_siz_pair = _ast.literal_eval(line)
|
||||
key = key.encode('Latin-1')
|
||||
self._index[key] = pos_and_siz_pair
|
||||
|
||||
|
|
|
@ -225,6 +225,15 @@ class DumbDBMTestCase(unittest.TestCase):
|
|||
with dumbdbm.open(_fname, 'n') as f:
|
||||
self.assertEqual(f.keys(), [])
|
||||
|
||||
def test_eval(self):
|
||||
with open(_fname + '.dir', 'w') as stream:
|
||||
stream.write("str(print('Hacked!')), 0\n")
|
||||
with support.captured_stdout() as stdout:
|
||||
with self.assertRaises(ValueError):
|
||||
with dumbdbm.open(_fname) as f:
|
||||
pass
|
||||
self.assertEqual(stdout.getvalue(), '')
|
||||
|
||||
def tearDown(self):
|
||||
_delete_files()
|
||||
|
||||
|
|
|
@ -13,6 +13,9 @@ Core and Builtins
|
|||
Library
|
||||
-------
|
||||
|
||||
- Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb
|
||||
module. Original patch by Claudiu Popa.
|
||||
|
||||
- Issue #23239: ssl.match_hostname() now supports matching of IP addresses.
|
||||
|
||||
- Issue #23146: Fix mishandling of absolute Windows paths with forward
|
||||
|
|
Loading…
Reference in New Issue