changeset: 94639:693bf15b4314 branch: 3.4 parent: 94635:0f8f24dab34b user: Serhiy Storchaka date: Mon Feb 16 00:30:43 2015 +0200 files: Lib/dbm/dumb.py Lib/test/test_dbm_dumb.py Misc/NEWS description: Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb module. Original patch by Claudiu Popa. diff -r 0f8f24dab34b -r 693bf15b4314 Lib/dbm/dumb.py --- a/Lib/dbm/dumb.py Sun Feb 15 18:03:59 2015 +0100 +++ b/Lib/dbm/dumb.py Mon Feb 16 00:30:43 2015 +0200 @@ -21,6 +21,7 @@ """ +import ast as _ast import io as _io import os as _os import collections @@ -85,7 +86,7 @@ with f: for line in f: line = line.rstrip() - key, pos_and_siz_pair = eval(line) + key, pos_and_siz_pair = _ast.literal_eval(line) key = key.encode('Latin-1') self._index[key] = pos_and_siz_pair diff -r 0f8f24dab34b -r 693bf15b4314 Lib/test/test_dbm_dumb.py --- a/Lib/test/test_dbm_dumb.py Sun Feb 15 18:03:59 2015 +0100 +++ b/Lib/test/test_dbm_dumb.py Mon Feb 16 00:30:43 2015 +0200 @@ -217,6 +217,15 @@ self.assertEqual(str(cm.exception), "DBM object has already been closed") + def test_eval(self): + with open(_fname + '.dir', 'w') as stream: + stream.write("str(print('Hacked!')), 0\n") + with support.captured_stdout() as stdout: + with self.assertRaises(ValueError): + with dumbdbm.open(_fname) as f: + pass + self.assertEqual(stdout.getvalue(), '') + def tearDown(self): _delete_files() diff -r 0f8f24dab34b -r 693bf15b4314 Misc/NEWS --- a/Misc/NEWS Sun Feb 15 18:03:59 2015 +0100 +++ b/Misc/NEWS Mon Feb 16 00:30:43 2015 +0200 @@ -13,6 +13,9 @@ Library ------- +- Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb + module. Original patch by Claudiu Popa. + - Issue #23146: Fix mishandling of absolute Windows paths with forward slashes in pathlib.