changeset: 94638:02865d22a98d
branch: 2.7
parent: 94626:7d2018774925
user: Serhiy Storchaka
date: Mon Feb 16 00:29:52 2015 +0200
files: Lib/dumbdbm.py Lib/test/test_dumbdbm.py Misc/NEWS
description: Issue #22885: Fixed arbitrary code execution vulnerability in the dumbdbm module. Original patch by Claudiu Popa.
diff -r 7d2018774925 -r 02865d22a98d Lib/dumbdbm.py
--- a/Lib/dumbdbm.py Sun Feb 15 13:57:49 2015 +0200
+++ b/Lib/dumbdbm.py Mon Feb 16 00:29:52 2015 +0200
@@ -21,6 +21,7 @@
 """
+import ast as _ast
 import os as _os
 import __builtin__
 import UserDict
@@ -85,7 +86,7 @@
 with f:
 for line in f:
 line = line.rstrip()
- key, pos_and_siz_pair = eval(line)
+ key, pos_and_siz_pair = _ast.literal_eval(line)
 self._index[key] = pos_and_siz_pair
 # Write the index dict to the directory file. The original directory
diff -r 7d2018774925 -r 02865d22a98d Lib/test/test_dumbdbm.py
--- a/Lib/test/test_dumbdbm.py Sun Feb 15 13:57:49 2015 +0200
+++ b/Lib/test/test_dumbdbm.py Mon Feb 16 00:29:52 2015 +0200
@@ -160,6 +160,14 @@
 self.assertEqual(expected, got)
 f.close()
+ def test_eval(self):
+ with open(_fname + '.dir', 'w') as stream:
+ stream.write("str(__import__('sys').stdout.write('Hacked!')), 0\n")
+ with test_support.captured_stdout() as stdout:
+ with self.assertRaises(ValueError):
+ dumbdbm.open(_fname).close()
+ self.assertEqual(stdout.getvalue(), '')
+
 def tearDown(self):
 _delete_files()
diff -r 7d2018774925 -r 02865d22a98d Misc/NEWS
--- a/Misc/NEWS Sun Feb 15 13:57:49 2015 +0200
+++ b/Misc/NEWS Mon Feb 16 00:29:52 2015 +0200
@@ -18,6 +18,9 @@
 Library
 -------
+- Issue #22885: Fixed arbitrary code execution vulnerability in the dumbdbm
+ module. Original patch by Claudiu Popa.
+
 - Issue #21849: Fixed xmlrpclib serialization of non-ASCII unicode strings in the multiprocessing module.
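Review bot: The new `_ast.literal_eval(line)` call in the second Lib/dumbdbm.py hunk lets a corrupt or tampered `.dir` file abort the load with whichever exception the parser happens to raise: `ValueError` for a well-formed expression that is not a literal, but `SyntaxError` for text that does not parse at all, and the test added in Lib/test/test_dumbdbm.py pins only the `ValueError` case. Because this module writes the index file itself, anything in it that is not a literal is corruption or tampering, so I would report both the same way and name the file: wrap the call in `try:` / `except (ValueError, SyntaxError): raise ValueError('corrupt index entry in ' + self._dirfile)` (the index path attribute set in `__init__`, as far as I can tell from the rest of the module). A why-comment on the call would help the next reader, e.g. `# The .dir file is plain text on disk: parse it as a literal, never evaluate it (issue #22885).` The enclosing method that reads the directory file starts above this hunk.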
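Review bot: `test_eval` in the Lib/test/test_dumbdbm.py hunk carries no comment saying what it guards against, and its name does not say either; a reader sees only that opening a database must raise `ValueError` and print nothing. I would add `# A .dir entry that is not a plain literal must be rejected, never executed (issue #22885).` above the `with open(...)` line, and consider a name that states the property, such as `test_dir_file_is_not_evaluated`. The captured-stdout assertion is the part that actually proves nothing ran, so a one-line comment there (`# Nothing written means the payload was parsed, not run.`) would make the intent of the empty-string check explicit.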