From 0c381f5f060ebca2a02b30c6e3383b82e0d66b48 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 6 Dec 2024 19:10:36 +0100 Subject: [PATCH] python312: fix memory exhaustion vulnerability in asyncio.protocols https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/ Fixes:CVE-2024-12254 (cherry picked from commit 861d0835305e5c15194c4c999c7365b443989b8a) --- .../python/cpython/3.12/CVE-2024-12254.patch | 45 +++++++++++++++++++ .../interpreters/python/cpython/default.nix | 2 + 2 files changed, 47 insertions(+) create mode 100644 pkgs/development/interpreters/python/cpython/3.12/CVE-2024-12254.patch diff --git a/pkgs/development/interpreters/python/cpython/3.12/CVE-2024-12254.patch b/pkgs/development/interpreters/python/cpython/3.12/CVE-2024-12254.patch new file mode 100644 index 0000000000000..1a19a41d8d4ab --- /dev/null +++ b/pkgs/development/interpreters/python/cpython/3.12/CVE-2024-12254.patch @@ -0,0 +1,45 @@ +From e991ac8f2037d78140e417cc9a9486223eb3e786 Mon Sep 17 00:00:00 2001 +From: "J. Nick Koston" +Date: Thu, 5 Dec 2024 22:33:03 -0600 +Subject: [PATCH] gh-127655: Ensure `_SelectorSocketTransport.writelines` + pauses the protocol if needed (#127656) + +Ensure `_SelectorSocketTransport.writelines` pauses the protocol if it reaches the high water mark as needed. + +Co-authored-by: Kumar Aditya + +diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py +index f94bf10b4225e7..f1ab9b12d69a5d 100644 +--- a/Lib/asyncio/selector_events.py ++++ b/Lib/asyncio/selector_events.py +@@ -1175,6 +1175,7 @@ def writelines(self, list_of_data): + # If the entire buffer couldn't be written, register a write handler + if self._buffer: + self._loop._add_writer(self._sock_fd, self._write_ready) ++ self._maybe_pause_protocol() + + def can_write_eof(self): + return True +diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py +index aaeda33dd0c677..efca30f37414f9 100644 +--- a/Lib/test/test_asyncio/test_selector_events.py ++++ b/Lib/test/test_asyncio/test_selector_events.py +@@ -805,6 +805,18 @@ def test_writelines_send_partial(self): + self.assertTrue(self.sock.send.called) + self.assertTrue(self.loop.writers) + ++ def test_writelines_pauses_protocol(self): ++ data = memoryview(b'data') ++ self.sock.send.return_value = 2 ++ self.sock.send.fileno.return_value = 7 ++ ++ transport = self.socket_transport() ++ transport._high_water = 1 ++ transport.writelines([data]) ++ self.assertTrue(self.protocol.pause_writing.called) ++ self.assertTrue(self.sock.send.called) ++ self.assertTrue(self.loop.writers) ++ + @unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg') + def test_write_sendmsg_full(self): + data = memoryview(b'data') diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 20c7c0c145ef5..9ad20b41f731f 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -298,6 +298,8 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { ] ++ optionals (pythonOlder "3.12") [ # https://github.com/python/cpython/issues/90656 ./loongarch-support.patch + ] ++ optionals (pythonAtLeast "3.12") [ + ./3.12/CVE-2024-12254.patch ] ++ optionals (pythonAtLeast "3.11" && pythonOlder "3.13") [ # backport fix for https://github.com/python/cpython/issues/95855 ./platform-triplet-detection.patch