Commits

Anonymous committed 61a3305

- Issue #2586: Fix CVE-2008-1721, zlib crash from
zlib.decompressobj().flush(val) when val is not positive.

Comments (0)

Files changed (2)

 - Issue #1179: Fix CVE-2007-4965 and CVE-2008-1679, multiple integer
   overflows in the imageop and rgbimgmodule modules.
 
+- Issue #2586: Fix CVE-2008-1721, zlib crash from
+  zlib.decompressobj().flush(val) when val is not positive.
+
 Extension Modules
 -----------------
 

Modules/zlibmodule.c

 
     if (!PyArg_ParseTuple(args, "|i:flush", &length))
 	return NULL;
+    if (length <= 0) {
+	PyErr_SetString(PyExc_ValueError, "length must be greater than zero");
+	return NULL;
+    }
     if (!(retval = PyString_FromStringAndSize(NULL, length)))
 	return NULL;
 
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.