mirrors
/
cpython
mirror of https://github.com/python/cpython.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

merge 3.3 (#27758)

This commit is contained in:
Benjamin Peterson 2016-08-13 17:21:22 -07:00
parent a0b2568627 6e01d90cc8
commit 59b6abd38c
2 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Misc/NEWS
View File

@ -13,6 +13,9 @@ Core and Builtins
Library Library
------- -------
- Issue #27758: Fix possible integer overflow in the _csv module for large record
lengths.
- Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the - Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the
HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates
that the script is in CGI mode. that the script is in CGI mode.

21
Modules/_csv.c
View File

@ -1016,11 +1016,19 @@ join_append_data(WriterObj *self, unsigned int field_kind, void *field_data,
int i; int i;
Py_ssize_t rec_len; Py_ssize_t rec_len;
#define INCLEN \
do {\
if (!copy_phase && rec_len == PY_SSIZE_T_MAX) { \
goto overflow; \
} \
rec_len++; \
} while(0)
#define ADDCH(c) \ #define ADDCH(c) \
do {\ do {\
if (copy_phase) \ if (copy_phase) \
self->rec[rec_len] = c;\ self->rec[rec_len] = c;\
rec_len++;\ INCLEN;\
} while(0) } while(0)
rec_len = self->rec_len; rec_len = self->rec_len;
@ -1086,11 +1094,18 @@ join_append_data(WriterObj *self, unsigned int field_kind, void *field_data,
if (*quoted) { if (*quoted) {
if (copy_phase) if (copy_phase)
ADDCH(dialect->quotechar); ADDCH(dialect->quotechar);
else else {
rec_len += 2; INCLEN; /* starting quote */
INCLEN; /* ending quote */
}
} }
return rec_len; return rec_len;
overflow:
PyErr_NoMemory();
return -1;
#undef ADDCH #undef ADDCH
#undef INCLEN
} }
static int static int