The patch of security fix of CVE-2010-2089 to lang/python26
wen heping
wenheping at gmail.com
Tue Jun 29 08:58:45 UTC 2010
Hi,
Here is a patch to fix the audioop security issue, which document
as CVE-2010-2089.
More detail please visit:
http://bugs.python.org/issue7673
Would you have a test of it ?
Thanks.
wen
-------------- next part --------------
diff -urN python26.orig/Makefile python26/Makefile
--- python26.orig/Makefile 2010-06-29 16:51:39.000000000 +0800
+++ python26/Makefile 2010-06-29 16:50:06.000000000 +0800
@@ -6,6 +6,7 @@
PORTNAME= python26
PORTVERSION= 2.6.5
+PORTREVISION= 1
CATEGORIES= lang python ipv6
MASTER_SITES= ${PYTHON_MASTER_SITES}
MASTER_SITE_SUBDIR= ${PYTHON_MASTER_SITE_SUBDIR}
diff -urN python26.orig/files/patch-Modules-audioop.c python26/files/patch-Modules-audioop.c
--- python26.orig/files/patch-Modules-audioop.c 1970-01-01 08:00:00.000000000 +0800
+++ python26/files/patch-Modules-audioop.c 2010-06-29 16:40:45.000000000 +0800
@@ -0,0 +1,319 @@
+--- Modules/audioop.c.orig 2008-07-08 01:02:59.000000000 +0800
++++ Modules/audioop.c 2010-06-29 16:40:23.000000000 +0800
+@@ -295,6 +295,29 @@
+
+ static PyObject *AudioopError;
+
++static int
++audioop_check_size(int size)
++{
++ if ( size != 1 && size != 2 && size != 4 ) {
++ PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
++ return 0;
++ } else {
++ return 1;
++ }
++}
++
++static int
++audioop_check_parameters(int len, int size)
++{
++ if (!audioop_check_size(size))
++ return 0;
++ if ( len % size != 0 ) {
++ PyErr_SetString(AudioopError, "not a whole number of frames");
++ return 0;
++ }
++ return 1;
++}
++
+ static PyObject *
+ audioop_getsample(PyObject *self, PyObject *args)
+ {
+@@ -304,10 +327,8 @@
+
+ if ( !PyArg_ParseTuple(args, "s#ii:getsample", &cp, &len, &size, &i) )
+ return 0;
+- if ( size != 1 && size != 2 && size != 4 ) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+ if ( i < 0 || i >= len/size ) {
+ PyErr_SetString(AudioopError, "Index out of range");
+ return 0;
+@@ -328,10 +349,8 @@
+
+ if ( !PyArg_ParseTuple(args, "s#i:max", &cp, &len, &size) )
+ return 0;
+- if ( size != 1 && size != 2 && size != 4 ) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+ for ( i=0; i<len; i+= size) {
+ if ( size == 1 ) val = (int)*CHARP(cp, i);
+ else if ( size == 2 ) val = (int)*SHORTP(cp, i);
+@@ -352,10 +371,8 @@
+
+ if (!PyArg_ParseTuple(args, "s#i:minmax", &cp, &len, &size))
+ return NULL;
+- if (size != 1 && size != 2 && size != 4) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
++ if (!audioop_check_parameters(len, size))
+ return NULL;
+- }
+ for (i = 0; i < len; i += size) {
+ if (size == 1) val = (int) *CHARP(cp, i);
+ else if (size == 2) val = (int) *SHORTP(cp, i);
+@@ -376,10 +393,8 @@
+
+ if ( !PyArg_ParseTuple(args, "s#i:avg", &cp, &len, &size) )
+ return 0;
+- if ( size != 1 && size != 2 && size != 4 ) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+ for ( i=0; i<len; i+= size) {
+ if ( size == 1 ) val = (int)*CHARP(cp, i);
+ else if ( size == 2 ) val = (int)*SHORTP(cp, i);
+@@ -403,10 +418,8 @@
+
+ if ( !PyArg_ParseTuple(args, "s#i:rms", &cp, &len, &size) )
+ return 0;
+- if ( size != 1 && size != 2 && size != 4 ) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+ for ( i=0; i<len; i+= size) {
+ if ( size == 1 ) val = (int)*CHARP(cp, i);
+ else if ( size == 2 ) val = (int)*SHORTP(cp, i);
+@@ -614,10 +627,8 @@
+
+ if ( !PyArg_ParseTuple(args, "s#i:avgpp", &cp, &len, &size) )
+ return 0;
+- if ( size != 1 && size != 2 && size != 4 ) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+ /* Compute first delta value ahead. Also automatically makes us
+ ** skip the first extreme value
+ */
+@@ -671,10 +682,8 @@
+
+ if ( !PyArg_ParseTuple(args, "s#i:maxpp", &cp, &len, &size) )
+ return 0;
+- if ( size != 1 && size != 2 && size != 4 ) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+ /* Compute first delta value ahead. Also automatically makes us
+ ** skip the first extreme value
+ */
+@@ -722,10 +731,8 @@
+
+ if ( !PyArg_ParseTuple(args, "s#i:cross", &cp, &len, &size) )
+ return 0;
+- if ( size != 1 && size != 2 && size != 4 ) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+ ncross = -1;
+ prevval = 17; /* Anything <> 0,1 */
+ for ( i=0; i<len; i+= size) {
+@@ -750,6 +757,8 @@
+
+ if ( !PyArg_ParseTuple(args, "s#id:mul", &cp, &len, &size, &factor ) )
+ return 0;
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+
+ if ( size == 1 ) maxval = (double) 0x7f;
+ else if ( size == 2 ) maxval = (double) 0x7fff;
+@@ -792,6 +801,12 @@
+ if ( !PyArg_ParseTuple(args, "s#idd:tomono",
+ &cp, &len, &size, &fac1, &fac2 ) )
+ return 0;
++ if (!audioop_check_parameters(len, size))
++ return NULL;
++ if ( ((len / size) & 1) != 0 ) {
++ PyErr_SetString(AudioopError, "not a whole number of frames");
++ return NULL;
++ }
+
+ if ( size == 1 ) maxval = (double) 0x7f;
+ else if ( size == 2 ) maxval = (double) 0x7fff;
+@@ -837,6 +852,8 @@
+ if ( !PyArg_ParseTuple(args, "s#idd:tostereo",
+ &cp, &len, &size, &fac1, &fac2 ) )
+ return 0;
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+
+ if ( size == 1 ) maxval = (double) 0x7f;
+ else if ( size == 2 ) maxval = (double) 0x7fff;
+@@ -896,7 +913,8 @@
+ if ( !PyArg_ParseTuple(args, "s#s#i:add",
+ &cp1, &len1, &cp2, &len2, &size ) )
+ return 0;
+-
++ if (!audioop_check_parameters(len1, size))
++ return NULL;
+ if ( len1 != len2 ) {
+ PyErr_SetString(AudioopError, "Lengths should be the same");
+ return 0;
+@@ -950,11 +968,8 @@
+ if ( !PyArg_ParseTuple(args, "s#ii:bias",
+ &cp, &len, &size , &bias) )
+ return 0;
+-
+- if ( size != 1 && size != 2 && size != 4) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+
+ rv = PyString_FromStringAndSize(NULL, len);
+ if ( rv == 0 )
+@@ -986,12 +1001,9 @@
+ if ( !PyArg_ParseTuple(args, "s#i:reverse",
+ &cp, &len, &size) )
+ return 0;
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+
+- if ( size != 1 && size != 2 && size != 4 ) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
+-
+ rv = PyString_FromStringAndSize(NULL, len);
+ if ( rv == 0 )
+ return 0;
+@@ -1023,12 +1035,10 @@
+ if ( !PyArg_ParseTuple(args, "s#ii:lin2lin",
+ &cp, &len, &size, &size2) )
+ return 0;
+-
+- if ( (size != 1 && size != 2 && size != 4) ||
+- (size2 != 1 && size2 != 2 && size2 != 4)) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_parameters(len, size))
++ return NULL;
++ if (!audioop_check_size(size2))
++ return NULL;
+
+ new_len = (len/size)*size2;
+ if (new_len < 0) {
+@@ -1080,10 +1090,8 @@
+ &nchannels, &inrate, &outrate, &state,
+ &weightA, &weightB))
+ return NULL;
+- if (size != 1 && size != 2 && size != 4) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
++ if (!audioop_check_size(size))
+ return NULL;
+- }
+ if (nchannels < 1) {
+ PyErr_SetString(AudioopError, "# of channels should be >= 1");
+ return NULL;
+@@ -1269,11 +1277,8 @@
+ if ( !PyArg_ParseTuple(args, "s#i:lin2ulaw",
+ &cp, &len, &size) )
+ return 0 ;
+-
+- if ( size != 1 && size != 2 && size != 4) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+
+ rv = PyString_FromStringAndSize(NULL, len/size);
+ if ( rv == 0 )
+@@ -1303,11 +1308,8 @@
+ if ( !PyArg_ParseTuple(args, "s#i:ulaw2lin",
+ &cp, &len, &size) )
+ return 0;
+-
+- if ( size != 1 && size != 2 && size != 4) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_size(size))
++ return NULL;
+
+ new_len = len*size;
+ if (new_len < 0) {
+@@ -1343,11 +1345,8 @@
+ if ( !PyArg_ParseTuple(args, "s#i:lin2alaw",
+ &cp, &len, &size) )
+ return 0;
+-
+- if ( size != 1 && size != 2 && size != 4) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+
+ rv = PyString_FromStringAndSize(NULL, len/size);
+ if ( rv == 0 )
+@@ -1377,11 +1376,8 @@
+ if ( !PyArg_ParseTuple(args, "s#i:alaw2lin",
+ &cp, &len, &size) )
+ return 0;
+-
+- if ( size != 1 && size != 2 && size != 4) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_size(size))
++ return NULL;
+
+ new_len = len*size;
+ if (new_len < 0) {
+@@ -1418,12 +1414,8 @@
+ if ( !PyArg_ParseTuple(args, "s#iO:lin2adpcm",
+ &cp, &len, &size, &state) )
+ return 0;
+-
+-
+- if ( size != 1 && size != 2 && size != 4) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_parameters(len, size))
++ return NULL;
+
+ str = PyString_FromStringAndSize(NULL, len/(size*2));
+ if ( str == 0 )
+@@ -1526,11 +1518,8 @@
+ if ( !PyArg_ParseTuple(args, "s#iO:adpcm2lin",
+ &cp, &len, &size, &state) )
+ return 0;
+-
+- if ( size != 1 && size != 2 && size != 4) {
+- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+- return 0;
+- }
++ if (!audioop_check_size(size))
++ return NULL;
+
+ /* Decode state, should have (value, step) */
+ if ( state == Py_None ) {
More information about the freebsd-python
mailing list