From patchwork Fri Feb 5 13:07:56 2021
X-Patchwork-Submitter: Peter Korsgaard
X-Patchwork-Id: 1436642
From: Peter Korsgaard
To: buildroot@buildroot.org
Cc: Thomas Petazzoni, Asaf Kahlon
Date: Fri, 5 Feb 2021 14:07:56 +0100
Message-Id: <20210205130756.17142-1-peter@korsgaard.com>
Subject: [Buildroot] [PATCH] package/python3: add upstream security fix for CVE-2021-3177

Fixes the following security issue:

- CVE-2021-3177: Python 3.x through 3.9.1 has a buffer overflow in
  PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution
  in certain Python applications that accept floating-point numbers as
  untrusted input, as demonstrated by a 1e300 argument to
  c_double.from_param. This occurs because sprintf is used unsafely.

For details, see the advisory:
https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html

Signed-off-by: Peter Korsgaard
---
 ...-Replace-snprintf-with-Python-unicod.patch | 190 ++++++++++++++++++
 package/python3/python3.mk                    |   3 +
 2 files changed, 193 insertions(+)
 create mode 100644 package/python3/0035-closes-bpo-42938-Replace-snprintf-with-Python-unicod.patch

diff --git a/package/python3/0035-closes-bpo-42938-Replace-snprintf-with-Python-unicod.patch b/package/python3/0035-closes-bpo-42938-Replace-snprintf-with-Python-unicod.patch
new file mode 100644
index 0000000000..5f20265a23
--- /dev/null
+++ b/package/python3/0035-closes-bpo-42938-Replace-snprintf-with-Python-unicod.patch 
@@ -0,0 +1,190 @@ +From c347cbe694743cee120457aa6626712f7799a932 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 18 Jan 2021 13:29:31 -0800 +Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode + formatting in ctypes param reprs. (GH-24247) + +(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7) + +Co-authored-by: Benjamin Peterson + +Co-authored-by: Benjamin Peterson +Signed-off-by: Peter Korsgaard +--- + Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++ + .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 + + Modules/_ctypes/callproc.c | 51 +++++++------------ + 3 files changed, 64 insertions(+), 32 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst + +diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py +index e4c25fd880..531894fdec 100644 +--- a/Lib/ctypes/test/test_parameters.py ++++ b/Lib/ctypes/test/test_parameters.py +@@ -201,6 +201,49 @@ class SimpleTypesTestCase(unittest.TestCase): + with self.assertRaises(ZeroDivisionError): + WorseStruct().__setstate__({}, b'foo') + ++ def test_parameter_repr(self): ++ from ctypes import ( ++ c_bool, ++ c_char, ++ c_wchar, ++ c_byte, ++ c_ubyte, ++ c_short, ++ c_ushort, ++ c_int, ++ c_uint, ++ c_long, ++ c_ulong, ++ c_longlong, ++ c_ulonglong, ++ c_float, ++ c_double, ++ c_longdouble, ++ c_char_p, ++ c_wchar_p, ++ c_void_p, ++ ) ++ self.assertRegex(repr(c_bool.from_param(True)), r"^$") ++ self.assertEqual(repr(c_char.from_param(97)), "") ++ self.assertRegex(repr(c_wchar.from_param('a')), r"^$") ++ self.assertEqual(repr(c_byte.from_param(98)), "") ++ self.assertEqual(repr(c_ubyte.from_param(98)), "") ++ self.assertEqual(repr(c_short.from_param(511)), "") ++ self.assertEqual(repr(c_ushort.from_param(511)), "") ++ self.assertRegex(repr(c_int.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_uint.from_param(20000)), r"^$") ++ 
self.assertRegex(repr(c_long.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_ulong.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_longlong.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^$") ++ self.assertEqual(repr(c_float.from_param(1.5)), "") ++ self.assertEqual(repr(c_double.from_param(1.5)), "") ++ self.assertEqual(repr(c_double.from_param(1e300)), "") ++ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^$") ++ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^$") ++ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^$") ++ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^$") ++ + ################################################################ + + if __name__ == '__main__': +diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst +new file mode 100644 +index 0000000000..7df65a156f +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst +@@ -0,0 +1,2 @@ ++Avoid static buffers when computing the repr of :class:`ctypes.c_double` and ++:class:`ctypes.c_longdouble` values. 
+diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c +index b0a36a3024..f2506de544 100644 +--- a/Modules/_ctypes/callproc.c ++++ b/Modules/_ctypes/callproc.c +@@ -489,58 +489,47 @@ is_literal_char(unsigned char c) + static PyObject * + PyCArg_repr(PyCArgObject *self) + { +- char buffer[256]; + switch(self->tag) { + case 'b': + case 'B': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.b); +- break; + case 'h': + case 'H': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.h); +- break; + case 'i': + case 'I': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.i); +- break; + case 'l': + case 'L': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.l); +- break; + + case 'q': + case 'Q': +- sprintf(buffer, +-#ifdef MS_WIN32 +- "", +-#else +- "", +-#endif ++ return PyUnicode_FromFormat("", + self->tag, self->value.q); +- break; + case 'd': +- sprintf(buffer, "", +- self->tag, self->value.d); +- break; +- case 'f': +- sprintf(buffer, "", +- self->tag, self->value.f); +- break; +- ++ case 'f': { ++ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d); ++ if (f == NULL) { ++ return NULL; ++ } ++ PyObject *result = PyUnicode_FromFormat("", self->tag, f); ++ Py_DECREF(f); ++ return result; ++ } + case 'c': + if (is_literal_char((unsigned char)self->value.c)) { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.c); + } + else { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, (unsigned char)self->value.c); + } +- break; + + /* Hm, are these 'z' and 'Z' codes useful at all? 
+ Shouldn't they be replaced by the functionality of c_string +@@ -549,22 +538,20 @@ PyCArg_repr(PyCArgObject *self) + case 'z': + case 'Z': + case 'P': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.p); + break; + + default: + if (is_literal_char((unsigned char)self->tag)) { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + (unsigned char)self->tag, (void *)self); + } + else { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + (unsigned char)self->tag, (void *)self); + } +- break; + } +- return PyUnicode_FromString(buffer); + } + + static PyMemberDef PyCArgType_members[] = { +-- +2.20.1 + diff --git a/package/python3/python3.mk b/package/python3/python3.mk index 8dbd0bab66..e85e704626 100644 --- a/package/python3/python3.mk +++ b/package/python3/python3.mk @@ -11,6 +11,9 @@ PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION) PYTHON3_LICENSE = Python-2.0, others PYTHON3_LICENSE_FILES = LICENSE +# 0035-closes-bpo-42938-Replace-snprintf-with-Python-unicod.patch +PYTHON3_IGNORE_CVES += CVE-2021-3177 + # This host Python is installed in $(HOST_DIR), as it is needed when # cross-compiling third-party Python modules.
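Review bot: in the Lib/ctypes/test/test_parameters.py hunk the expected values of the new test_parameter_repr assertions read as empty patterns and strings (r"^$" and "") in this listing, so the test cannot be checked from here; since the point of this hunk is the regression case `repr(c_double.from_param(1e300))` for the 1e300 trigger named in the cover letter, confirm that the patch file under package/python3 carries the full expected strings by comparing it against upstream commit c347cbe694743cee120457aa6626712f7799a932 (the hash in the patch header) rather than against this rendering.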
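Review bot: in the first Modules/_ctypes/callproc.c hunk the merged 'd'/'f' case builds a temporary with `PyFloat_FromDouble`, checks it for NULL, formats it with `PyUnicode_FromFormat` and releases it with `Py_DECREF(f)` before returning, which is correct, and dropping `char buffer[256]` together with every `sprintf` into it is what removes the fixed-size write that a value such as 1e300 overran. The format strings passed to `PyUnicode_FromFormat` appear as empty "" here, so they were stripped in this rendering and still need to be reviewed in the file on disk.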
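Review bot: in the second callproc.c hunk the 'z'/'Z'/'P' case keeps its `break;` after the new `return PyUnicode_FromFormat(...)`, whereas the first hunk removed every `break;` it made unreachable; the leftover statement is dead code and some compilers will warn about it. Removing `return PyUnicode_FromString(buffer);` at the end is fine because every case, including `default`, now returns. Since this is a verbatim cherry-pick of upstream, keep the patch as-is and raise the stray `break;` upstream rather than diverging here.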
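Review bot: the package/python3/python3.mk hunk pairs `PYTHON3_IGNORE_CVES += CVE-2021-3177` with a comment naming the patch that justifies it, which is the right way to document a CVE suppression; when python3 is bumped past 3.9.1 (the last affected release per the cover letter) to a version that already contains bpo-42938, both the patch file and this ignore line should be dropped in the same commit so the suppression never outlives the fix.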
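The cover letter describes the root cause as sprintf() expanding a double such as 1e300 with a %f conversion into a fixed 256-byte stack buffer; the program below is an added example, not code from CPython or Buildroot, that measures how many bytes that conversion produces without performing the unsafe write and shows the dynamic-sizing pattern that replaces a static buffer. The format string "<cparam '%c' (%f)>" and the cparam name are assumptions about the shape of the old repr, since the format strings are stripped in this listing.

```c
/* Added example (not CPython's or Buildroot's code). Measures how much a
 * "%f" conversion expands a double before it would reach a fixed buffer,
 * and shows sizing the buffer from the measured length instead. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OLD_BUFFER_SIZE 256            /* size of the "char buffer[256]" the fix removes */
#define REPR_FMT "<cparam '%c' (%f)>"  /* assumed shape of the old repr format string */

/* Bytes the old sprintf() would have written, excluding the NUL.
 * snprintf with a NULL buffer and size 0 only measures; nothing is written. */
int cparam_repr_len(char tag, double value)
{
    return snprintf(NULL, 0, REPR_FMT, tag, value);
}

/* 1 if formatting this value would not fit the old 256-byte buffer. */
int overflows_old_buffer(char tag, double value)
{
    return cparam_repr_len(tag, value) + 1 > OLD_BUFFER_SIZE;
}

/* Hardened variant: allocate exactly what the measured length needs and
 * write with a bounded snprintf. Caller frees the result; NULL on failure. */
char *cparam_repr_dyn(char tag, double value)
{
    int len = cparam_repr_len(tag, value);
    if (len < 0)
        return NULL;
    char *buf = malloc((size_t)len + 1);
    if (buf == NULL)
        return NULL;
    snprintf(buf, (size_t)len + 1, REPR_FMT, tag, value);  /* bounded write */
    return buf;
}

int main(void)
{
    /* Constructed sample inputs: a benign value and the 1e300 trigger. */
    double samples[] = { 1.5, 1e300 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *r = cparam_repr_dyn('d', samples[i]);
        printf("%g needs %d bytes (overflows %d-byte buffer: %s): %s\n",
               samples[i], cparam_repr_len('d', samples[i]), OLD_BUFFER_SIZE,
               overflows_old_buffer('d', samples[i]) ? "yes" : "no",
               r ? r : "(alloc failed)");
        free(r);
    }
    return 0;
}
```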