Skip to content

[3.4] bpo-30657: Check & prevent integer overflow in PyString_DecodeEscape (GH-2174)#4758

Merged
larryhastings merged 1 commit intopython:3.4from
hroncok:3.4-fix-issue-30657
Dec 8, 2017
Merged

[3.4] bpo-30657: Check & prevent integer overflow in PyString_DecodeEscape (GH-2174)#4758
larryhastings merged 1 commit intopython:3.4from
hroncok:3.4-fix-issue-30657

Conversation

@hroncok
Copy link
Copy Markdown
Contributor

@hroncok hroncok commented Dec 8, 2017

Fixes possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158.
Original patch by Jay Bosamiya @jaybosamiya in #2174

https://bugs.python.org/issue30657

@hroncok @jaybosamiya
bpo-30657: Fix CVE-2017-1000158
e3e119a 
Fixes possible integer overflow in PyBytes_DecodeEscape.

Co-Authored-By: Jay Bosamiya <jaybosamiya@gmail.com>
@bedevere-bot bedevere-bot added the type-bug An unexpected behavior, bug, or error label Dec 8, 2017
@hroncok hroncok mentioned this pull request Dec 8, 2017
Merged
vstinner
vstinner approved these changes Dec 8, 2017
View reviewed changes
Copy link
Copy Markdown
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@vstinner
Copy link
Copy Markdown
Member

vstinner commented Dec 8, 2017

@larryhastings: Would you mind to merge this PR?

@larryhastings larryhastings merged commit 6c004b4 into python:3.4 Dec 8, 2017
@hroncok hroncok deleted the 3.4-fix-issue-30657 branch December 8, 2017 21:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vstinner vstinner vstinner approved these changes

Assignees

No one assigned

Labels

type-bug An unexpected behavior, bug, or error

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@hroncok @vstinner @larryhastings @the-knights-who-say-ni @bedevere-bot