mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-12-10 02:50:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb

Browse source 
module.  Original patch by Claudiu Popa.
This commit is contained in:
Serhiy Storchaka 2015-02-16 00:30:43 +02:00
parent 57fffd6f99
commit 74eb8b2d1a
3 changed files with 14 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Lib/dbm/dumb.py
View file

@ -21,6 +21,7 @@ is read when the database is opened, and some updates rewrite the whole index)
"""
import ast as _ast
import io as _io
import os as _os
import collections
@ -85,7 +86,7 @@ class _Database(collections.MutableMapping):
with f:
for line in f:
line = line.rstrip()
key, pos_and_siz_pair = eval(line)
key, pos_and_siz_pair = _ast.literal_eval(line)
key = key.encode('Latin-1')
self._index[key] = pos_and_siz_pair