From 95c746509f4ec9d9028eaac7c8faf204590aebb0 Mon Sep 17 00:00:00 2001 From: Anssi Hannula <anssi.hannula@iki.fi> Date: Sat, 13 Nov 2010 18:41:22 +0200 Subject: [PATCH 14/15] fixed: CVE-2010-3492 in internal python (Mandriva) --- xbmc/lib/libPython/Python/Lib/asyncore.py | 17 +++++++++++++---- xbmc/lib/libPython/Python/Lib/smtpd.py | 3 +-- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/xbmc/lib/libPython/Python/Lib/asyncore.py b/xbmc/lib/libPython/Python/Lib/asyncore.py index a2387a1..2bc9038 100644 --- a/xbmc/lib/libPython/Python/Lib/asyncore.py +++ b/xbmc/lib/libPython/Python/Lib/asyncore.py @@ -320,12 +320,15 @@ class dispatcher: # XXX can return either an address pair or None try: conn, addr = self.socket.accept() - return conn, addr + except TypeError: + return None except socket.error, why: - if why[0] == EWOULDBLOCK: - pass + if why[0] in (EWOULDBLOCK, ECONNABORTED): + return None else: raise + else: + return conn, addr def send(self, data): try: @@ -433,7 +436,13 @@ class dispatcher: self.log_info('unhandled connect event', 'warning') def handle_accept(self): - self.log_info('unhandled accept event', 'warning') + pair = self.accept() + if pair is not None: + self.handle_accepted(*pair) + + def handle_accepted(self, sock, addr): + sock.close() + self.log_info('unhandled accepted event', 'warning') def handle_close(self): self.log_info('unhandled close event', 'warning') diff --git a/xbmc/lib/libPython/Python/Lib/smtpd.py b/xbmc/lib/libPython/Python/Lib/smtpd.py index c656ec7..83596a4 100755 --- a/xbmc/lib/libPython/Python/Lib/smtpd.py +++ b/xbmc/lib/libPython/Python/Lib/smtpd.py @@ -284,8 +284,7 @@ class SMTPServer(asyncore.dispatcher): self.__class__.__name__, time.ctime(time.time()), localaddr, remoteaddr) - def handle_accept(self): - conn, addr = self.accept() + def handle_accepted(self, conn, addr): print >> DEBUGSTREAM, 'Incoming connection from %s' % repr(addr) channel = SMTPChannel(self, conn, addr) -- 1.7.3