Merge branch '3.4' into backport-a897aee-3.4

serhiy-storchaka · serhiy-storchaka · commit 30a581e97a06 · 2017-12-26T13:09:06.000+02:00
diff --git a/Misc/ACKS b/Misc/ACKS
@@ -155,6 +155,7 @@ Gregory Bond
 Matias Bordese
 Jonas Borgström
 Jurjen Bos
+Jay Bosamiya
 Peter Bosch
 Dan Boswell
 Eric Bouck
@@ -616,6 +617,7 @@ Alan Hourihane
 Ken Howard
 Brad Howes
 Mike Hoy
+Miro Hrončok
 Chiu-Hsiang Hsu
 Chih-Hao Huang
 Christian Hudon
diff --git a/Misc/NEWS.d/next/Build/2017-09-07-19-19-19.bpo-29572.iZ1XKK.rst b/Misc/NEWS.d/next/Build/2017-09-07-19-19-19.bpo-29572.iZ1XKK.rst
@@ -0,0 +1 @@
+Update Windows build and OS X installers to use OpenSSL 1.0.2k.
diff --git a/Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst b/Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst
@@ -0,0 +1,2 @@
+Fixed possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158.
+Original patch by Jay Bosamiya; rebased to Python 3 by Miro Hrončok.
diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
@@ -368,7 +368,13 @@ PyObject *PyBytes_DecodeEscape(const char *s,
     char *p, *buf;
     const char *end;
     PyObject *v;
-    Py_ssize_t newlen = recode_encoding ? 4*len:len;
+    Py_ssize_t newlen;
+    /* Check for integer overflow */
+    if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
+        PyErr_SetString(PyExc_OverflowError, "string is too large");
+        return NULL;
+    }
+    newlen = recode_encoding ? 4*len:len;
     v = PyBytes_FromStringAndSize((char *)NULL, newlen);
     if (v == NULL)
         return NULL;
diff --git a/PCbuild/get_externals.bat b/PCbuild/get_externals.bat
@@ -54,7 +54,7 @@ echo.Fetching external libraries...
 for %%e in (
             bzip2-1.0.6
             nasm-2.11.06
-            openssl-1.0.2j
+            openssl-1.0.2k
             tcl-8.6.1.0
             tk-8.6.1.0
             tix-8.4.3.4
diff --git a/PCbuild/pyproject.props b/PCbuild/pyproject.props
@@ -5,7 +5,7 @@
     <OutDir>$(SolutionDir)</OutDir>
     <IntDir>$(SolutionDir)$(PlatformName)-temp-$(Configuration)\$(ProjectName)\</IntDir>
     <LinkIncremental>false</LinkIncremental>
-  </PropertyGroup>  
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Platform)'=='x64'">
     <_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>
     <_PropertySheetDisplayName>amd64</_PropertySheetDisplayName>
@@ -20,7 +20,7 @@
     <sqlite3Dir>$(externalsDir)\sqlite-3.8.11.0</sqlite3Dir>
     <bz2Dir>$(externalsDir)\bzip2-1.0.6</bz2Dir>
     <lzmaDir>$(externalsDir)\xz-5.0.5</lzmaDir>
-    <opensslDir>$(externalsDir)\openssl-1.0.2j</opensslDir>
+    <opensslDir>$(externalsDir)\openssl-1.0.2k</opensslDir>
     <tcltkDir>$(externalsDir)\tcltk</tcltkDir>
     <tcltk64Dir>$(externalsDir)\tcltk64</tcltk64Dir>
     <tcltkLib>$(tcltkDir)\lib\tcl86t.lib;$(tcltkDir)\lib\tk86t.lib</tcltkLib>
diff --git a/PCbuild/readme.txt b/PCbuild/readme.txt
@@ -171,7 +171,7 @@ _lzma
     Homepage:
         http://tukaani.org/xz/
 _ssl
-    Python wrapper for version 1.0.2j of the OpenSSL secure sockets
+    Python wrapper for version 1.0.2k of the OpenSSL secure sockets
     library, which is built by ssl.vcxproj
     Homepage:
         http://www.openssl.org/

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Update Windows build and OS X installers to use OpenSSL 1.0.2k.`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+Fixed possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158.`
	`2`	`+Original patch by Jay Bosamiya; rebased to Python 3 by Miro Hrončok.`