c0ee83d10b
Fix CVE-2020-10735 https://github.com/python/cpython/blob/v3.10.7/Misc/NEWS.d/3.10.7.rst Signed-off-by: Daniel Lang <d.lang@abatec.at> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
43 lines
1.6 KiB
Diff
43 lines
1.6 KiB
Diff
From 3c83eedcc2df3ecf6c4a17953ca24dff60c1378e Mon Sep 17 00:00:00 2001
|
|
From: Romain Naour <romain.naour@gmail.com>
|
|
Date: Thu, 12 Nov 2020 00:16:18 +0100
|
|
Subject: [PATCH] lib/crypt: uClibc-ng doesn't set errno when encryption method
|
|
is not available
|
|
|
|
Since commit [1] in cpython, an exception is raised when an encryption method
|
|
is not available. This eception is handled only if errno is set to EINVAL by
|
|
crypt() but uClibc-ng doesn't set errno in crypt() [2].
|
|
|
|
Fixes:
|
|
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981961
|
|
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981979
|
|
|
|
[1] https://github.com/python/cpython/commit/0d3fe8ae4961bf551e7d5e42559e2ede1a08fd7c
|
|
[2] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libcrypt/crypt.c?h=v1.0.36#n29
|
|
|
|
Signed-off-by: Romain Naour <romain.naour@gmail.com>
|
|
[Daniel: updated for 3.10.7]
|
|
Signed-off-by: Daniel Lang <d.lang@abatec.at>
|
|
---
|
|
Lib/crypt.py | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/Lib/crypt.py b/Lib/crypt.py
|
|
index 33dbc46bb3..4692a5270c 100644
|
|
--- a/Lib/crypt.py
|
|
+++ b/Lib/crypt.py
|
|
@@ -94,7 +94,9 @@ def _add_method(name, *args, rounds=None):
|
|
result = crypt('', salt)
|
|
except OSError as e:
|
|
# Not all libc libraries support all encryption methods.
|
|
- if e.errno in {errno.EINVAL, errno.EPERM, errno.ENOSYS}:
|
|
+ # Not all libc libraries set errno when encryption method is not
|
|
+ # available.
|
|
+ if e.errno in {errno.EINVAL, errno.EPERM, errno.ENOSYS} or e.errno == 0:
|
|
return False
|
|
raise
|
|
if result and len(result) == method.total_size:
|
|
--
|
|
2.25.4
|
|
|