From: Serhiy Storchaka Date: Sun, 15 Feb 2015 22:32:41 +0000 (+0200) Subject: Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb X-Git-Tag: v3.5.0a2~140 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=23edd49e5bb05d8999d5a181d17d3f4226243ac1;p=thirdparty%2FPython%2Fcpython.git Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb module. Original patch by Claudiu Popa. --- 23edd49e5bb05d8999d5a181d17d3f4226243ac1 diff --cc Lib/test/test_dbm_dumb.py index ee5a32f3fb0a,dc88ca64dcfd..ff63c88c0bc5 --- a/Lib/test/test_dbm_dumb.py +++ b/Lib/test/test_dbm_dumb.py @@@ -217,14 -217,15 +217,23 @@@ class DumbDBMTestCase(unittest.TestCase self.assertEqual(str(cm.exception), "DBM object has already been closed") + def test_create_new(self): + with dumbdbm.open(_fname, 'n') as f: + for k in self._dict: + f[k] = self._dict[k] + + with dumbdbm.open(_fname, 'n') as f: + self.assertEqual(f.keys(), []) + + def test_eval(self): + with open(_fname + '.dir', 'w') as stream: + stream.write("str(print('Hacked!')), 0\n") + with support.captured_stdout() as stdout: + with self.assertRaises(ValueError): + with dumbdbm.open(_fname) as f: + pass + self.assertEqual(stdout.getvalue(), '') + def tearDown(self): _delete_files() diff --cc Misc/NEWS index 3712a98431d5,b453fe458d2f..f836c8d209ff --- a/Misc/NEWS +++ b/Misc/NEWS @@@ -13,8 -13,9 +13,11 @@@ Core and Builtin Library ------- + - Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb + module. Original patch by Claudiu Popa. + +- Issue #23239: ssl.match_hostname() now supports matching of IP addresses. + - Issue #23146: Fix mishandling of absolute Windows paths with forward slashes in pathlib.
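Review bot: `test_eval` has no comment saying what it guards, so a reader has to look up the issue to learn that the `.dir` index line is untrusted data; a line such as `# Issue #22885: a .dir index entry is data and must never be evaluated` above the first `with` would state the contract. The `assertRaises(ValueError)` is the assertion that pins the fix, because the `stdout.getvalue() == ''` check only notices evaluation when the entry happens to print. The change to Lib/dbm/dumb.py is not shown in this combined diff, so it cannot be confirmed from this page whether a syntactically invalid index line also surfaces as ValueError rather than SyntaxError; a second case with a malformed line would settle that. The enclosing class DumbDBMTestCase starts outside the hunk.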