From 21904689872d0228d8531672c81fc13fc221739c Mon Sep 17 00:00:00 2001 From: Anssi Hannula <anssi.hannula@iki.fi> Date: Sat, 13 Nov 2010 08:00:51 +0200 Subject: [PATCH 05/15] fixed: CVE-2008-1721 in internal python (upstream) --- xbmc/lib/libPython/Python/Modules/zlibmodule.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/xbmc/lib/libPython/Python/Modules/zlibmodule.c b/xbmc/lib/libPython/Python/Modules/zlibmodule.c index 35b8c32..60b3eea 100644 --- a/xbmc/lib/libPython/Python/Modules/zlibmodule.c +++ b/xbmc/lib/libPython/Python/Modules/zlibmodule.c @@ -669,6 +669,10 @@ PyZlib_unflush(compobject *self, PyObject *args) if (!PyArg_ParseTuple(args, "|i:flush", &length)) return NULL; + if (length <= 0) { + PyErr_SetString(PyExc_ValueError, "length must be greater than zero"); + return NULL; + } if (!(retval = PyString_FromStringAndSize(NULL, length))) return NULL; -- 1.7.3