packages/python-pymongo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2024-21506

Browse Source 
Signed-off-by: liweigang <liweiganga@uniontech.com>
(cherry picked from commit 436bc9cc04089a0ec53924ce5e50754e8ed39d6c)
This commit is contained in:
liweigang 2024-04-07 11:10:06 +08:00 committed by openeuler-sync-bot
parent 54394ee00c
commit 42683a1e91
2 changed files with 54 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
backport-CVE-2024-21506.patch Normal file
View File

@ -0,0 +1,47 @@
From 56b6b6dbc267d365d97c037082369dabf37405d2 Mon Sep 17 00:00:00 2001
From: Shane Harvey <shnhrv@gmail.com>
Date: Wed, 27 Mar 2024 16:51:23 -0700
Subject: [PATCH] PYTHON-4305 Fix bson size check (#1564)
(cherry picked from commit 372b5d68d5a57ccc43b33407cd23f0bc79d99283)
---
bson/_cbsonmodule.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/bson/_cbsonmodule.c b/bson/_cbsonmodule.c
index 4e1881a275..da86cd8133 100644
--- a/bson/_cbsonmodule.c
+++ b/bson/_cbsonmodule.c
@@ -2405,6 +2405,7 @@ static PyObject* get_value(PyObject* self, PyObject* name, const char* buffer,
uint32_t c_w_s_size;
uint32_t code_size;
uint32_t scope_size;
+ uint32_t len;
PyObject* code;
PyObject* scope;
PyObject* code_type;
@@ -2424,7 +2425,8 @@ static PyObject* get_value(PyObject* self, PyObject* name, const char* buffer,
memcpy(&code_size, buffer + *position, 4);
code_size = BSON_UINT32_FROM_LE(code_size);
/* code_w_scope length + code length + code + scope length */
- if (!code_size || max < code_size || max < 4 + 4 + code_size + 4) {
+ len = 4 + 4 + code_size + 4;
+ if (!code_size || max < code_size || max < len || len < code_size) {
goto invalid;
}
*position += 4;
@@ -2442,12 +2444,9 @@ static PyObject* get_value(PyObject* self, PyObject* name, const char* buffer,
memcpy(&scope_size, buffer + *position, 4);
scope_size = BSON_UINT32_FROM_LE(scope_size);
- if (scope_size < BSON_MIN_SIZE) {
- Py_DECREF(code);
- goto invalid;
- }
/* code length + code + scope length + scope */
- if ((4 + code_size + 4 + scope_size) != c_w_s_size) {
+ len = 4 + 4 + code_size + scope_size;
+ if (scope_size < BSON_MIN_SIZE || len != c_w_s_size || len < scope_size) {
Py_DECREF(code);
goto invalid;
}

9
python-pymongo.spec
View File

@ -1,11 +1,12 @@
Name: python-pymongo Name: python-pymongo
Version: 4.3.3 Version: 4.3.3
Release: 1 Release: 2
License: Apache License 2.0 License: Apache License 2.0
Summary: PyMongo - the Python driver for MongoDB Summary: PyMongo - the Python driver for MongoDB
URL: https://github.com/mongodb/mongo-python-driver URL: https://github.com/mongodb/mongo-python-driver
Source0: %{pypi_source pymongo} Source0: %{pypi_source pymongo}
# Patch01: 0001-Use-ssl.match_hostname-from-the-Python-stdlib.patch # patch source: https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2
Patch01: backport-CVE-2024-21506.patch
BuildRequires: python3-devel python3-setuptools BuildRequires: python3-devel python3-setuptools
BuildRequires: python3-sphinx gcc python3-pip python3-dns BuildRequires: python3-sphinx gcc python3-pip python3-dns
@ -51,7 +52,6 @@ The PyMongo distribution contains tools for interacting with MongoDB database fr
%prep %prep
%autosetup -n pymongo-%{version} -p1 %autosetup -n pymongo-%{version} -p1
# rm pymongo/ssl_match_hostname.py
%build %build
%py3_build %py3_build
@ -83,6 +83,9 @@ python3 setup.py test
%{_docdir}/python3-pymongo %{_docdir}/python3-pymongo
%changelog %changelog
* Sun Apr 07 2024 liweigang <liweiganga@uniontech.com> - 4.3.3-2
- Fix CVE-2024-21506
* Thu May 18 2023 chenchen <chen_aka_jan@163.com> - 4.3.3-1 * Thu May 18 2023 chenchen <chen_aka_jan@163.com> - 4.3.3-1
- upgrade to 4.3.3 - upgrade to 4.3.3