changeset: 94640:cf6a62b0ef3b
parent: 94637:b15a5f239e8a
parent: 94639:693bf15b4314
user: Serhiy Storchaka
date: Mon Feb 16 00:32:41 2015 +0200
files: Lib/dbm/dumb.py Lib/test/test_dbm_dumb.py Misc/NEWS
description:
Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb module. Original patch by Claudiu Popa.
diff -r b15a5f239e8a -r cf6a62b0ef3b Lib/dbm/dumb.py
--- a/Lib/dbm/dumb.py Sun Feb 15 18:12:20 2015 +0100
+++ b/Lib/dbm/dumb.py Mon Feb 16 00:32:41 2015 +0200
@@ -21,6 +21,7 @@
 """
+import ast as _ast
 import io as _io
 import os as _os
 import collections
@@ -95,7 +96,7 @@
             with f:
                 for line in f:
                     line = line.rstrip()
-                    key, pos_and_siz_pair = eval(line)
+                    key, pos_and_siz_pair = _ast.literal_eval(line)
                     key = key.encode('Latin-1')
                     self._index[key] = pos_and_siz_pair
diff -r b15a5f239e8a -r cf6a62b0ef3b Lib/test/test_dbm_dumb.py
--- a/Lib/test/test_dbm_dumb.py Sun Feb 15 18:12:20 2015 +0100
+++ b/Lib/test/test_dbm_dumb.py Mon Feb 16 00:32:41 2015 +0200
@@ -225,6 +225,15 @@
         with dumbdbm.open(_fname, 'n') as f:
             self.assertEqual(f.keys(), [])
+    def test_eval(self):
+        with open(_fname + '.dir', 'w') as stream:
+            stream.write("str(print('Hacked!')), 0\n")
+        with support.captured_stdout() as stdout:
+            with self.assertRaises(ValueError):
+                with dumbdbm.open(_fname) as f:
+                    pass
+        self.assertEqual(stdout.getvalue(), '')
+
     def tearDown(self):
         _delete_files()
diff -r b15a5f239e8a -r cf6a62b0ef3b Misc/NEWS
--- a/Misc/NEWS Sun Feb 15 18:12:20 2015 +0100
+++ b/Misc/NEWS Mon Feb 16 00:32:41 2015 +0200
@@ -13,6 +13,9 @@
 Library
 -------
+- Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb
+  module. Original patch by Claudiu Popa.
+
 - Issue #23239: ssl.match_hostname() now supports matching of IP addresses.
 - Issue #23146: Fix mishandling of absolute Windows paths with forward
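Review bot: The new `_ast.literal_eval(line)` on the `key, pos_and_siz_pair = ...` line stops the index file from executing code, but the parsed values are then used unchecked by the two following lines, so a crafted or corrupted `.dir` entry that is a valid literal can still deliver a non-str key (AttributeError on the next `key.encode('Latin-1')`) or a pair whose members are not ints, which from what is visible here would only fail later when the pair is used. A shape check right after the parse turns that into a clean error at open time, matching the ValueError the new test already expects; the writer side is not in the hunk, so confirm the pair is stored as a 2-tuple of ints before enforcing that shape. A short comment should also record why `literal_eval` is used and that it can still raise SyntaxError, and on hostile deeply nested input MemoryError or RecursionError, so the `.dir` file remains an untrusted input even after this change. The enclosing method begins and ends outside the hunk.
```python
                    key, pos_and_siz_pair = _ast.literal_eval(line)
                    # The .dir file is untrusted on-disk data: literal_eval only
                    # parses literals (never executes code) but does not check
                    # their shape, so validate before using them.
                    if not (isinstance(key, str)
                            and isinstance(pos_and_siz_pair, tuple)
                            and len(pos_and_siz_pair) == 2
                            and all(isinstance(v, int) for v in pos_and_siz_pair)):
                        raise ValueError('bad index entry: %r' % line)
                    # … unchanged: key.encode('Latin-1') and self._index update …
```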
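Review bot: `test_eval` in the added hunk pins only that ValueError is raised and that nothing reaches stdout, so a later reader will not know which bug it guards; give it a docstring such as `"""Issue #22885: a hostile .dir entry must never be evaluated as code."""` or rename it to `test_no_eval_of_index_file`. The inner `with dumbdbm.open(_fname) as f: pass` binds `f` without using it; `with dumbdbm.open(_fname): pass` says the same thing. The test also assumes legitimate index lines written by the module still parse under the stricter `literal_eval`; presumably the round-trip tests elsewhere in this file cover that, but it is not visible in the hunk.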