Skip to content

Commit

Permalink
python312: fix memory exhaustion vulnerability in asyncio.protocols
Browse files Browse the repository at this point in the history 
https://mail.python.org/archives/list/[email protected]/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/

Fixes:CVE-2024-12254
(cherry picked from commit 861d083)
  • Loading branch information
@mweinelt @github-actions
mweinelt authored and github-actions[bot] committed Dec 8, 2024
1 parent 36c7e61 commit 0c381f5
Show file tree
Hide file tree
Showing 2 changed files with 47 additions and 0 deletions.
45 changes: 45 additions & 0 deletions pkgs/development/interpreters/python/cpython/3.12/CVE-2024-12254.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
From e991ac8f2037d78140e417cc9a9486223eb3e786 Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" <[email protected]>
Date: Thu, 5 Dec 2024 22:33:03 -0600
Subject: [PATCH] gh-127655: Ensure `_SelectorSocketTransport.writelines`
pauses the protocol if needed (#127656)

Ensure `_SelectorSocketTransport.writelines` pauses the protocol if it reaches the high water mark as needed.

Co-authored-by: Kumar Aditya <[email protected]>

diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py
index f94bf10b4225e7..f1ab9b12d69a5d 100644
--- a/Lib/asyncio/selector_events.py
+++ b/Lib/asyncio/selector_events.py
@@ -1175,6 +1175,7 @@ def writelines(self, list_of_data):
# If the entire buffer couldn't be written, register a write handler
if self._buffer:
self._loop._add_writer(self._sock_fd, self._write_ready)
+ self._maybe_pause_protocol()

def can_write_eof(self):
return True
diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py
index aaeda33dd0c677..efca30f37414f9 100644
--- a/Lib/test/test_asyncio/test_selector_events.py
+++ b/Lib/test/test_asyncio/test_selector_events.py
@@ -805,6 +805,18 @@ def test_writelines_send_partial(self):
self.assertTrue(self.sock.send.called)
self.assertTrue(self.loop.writers)

+ def test_writelines_pauses_protocol(self):
+ data = memoryview(b'data')
+ self.sock.send.return_value = 2
+ self.sock.send.fileno.return_value = 7
+
+ transport = self.socket_transport()
+ transport._high_water = 1
+ transport.writelines([data])
+ self.assertTrue(self.protocol.pause_writing.called)
+ self.assertTrue(self.sock.send.called)
+ self.assertTrue(self.loop.writers)
+
@unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg')
def test_write_sendmsg_full(self):
data = memoryview(b'data')
2 changes: 2 additions & 0 deletions pkgs/development/interpreters/python/cpython/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -298,6 +298,8 @@ in with passthru; stdenv.mkDerivation (finalAttrs: {
] ++ optionals (pythonOlder "3.12") [
# https://github.com/python/cpython/issues/90656
./loongarch-support.patch
] ++ optionals (pythonAtLeast "3.12") [
./3.12/CVE-2024-12254.patch
] ++ optionals (pythonAtLeast "3.11" && pythonOlder "3.13") [
# backport fix for https://github.com/python/cpython/issues/95855
./platform-triplet-detection.patch
Expand Down

0 comments on commit 0c381f5

Please sign in to comment.