From cc0722e290234c69551d21289163593763d53691 Mon Sep 17 00:00:00 2001 From: Anssi Hannula <anssi.hannula@iki.fi> Date: Sat, 13 Nov 2010 18:43:23 +0200 Subject: [PATCH 15/15] fixed: CVE-2010-3493 in internal python (Mandriva) --- xbmc/lib/libPython/Python/Lib/smtpd.py | 10 +++++++++- 1 files changed, 9 insertions(+), 1 deletions(-) diff --git a/xbmc/lib/libPython/Python/Lib/smtpd.py b/xbmc/lib/libPython/Python/Lib/smtpd.py index 83596a4..5cfdd31 100755 --- a/xbmc/lib/libPython/Python/Lib/smtpd.py +++ b/xbmc/lib/libPython/Python/Lib/smtpd.py @@ -121,7 +121,15 @@ class SMTPChannel(asynchat.async_chat): self.__rcpttos = [] self.__data = '' self.__fqdn = socket.getfqdn() - self.__peer = conn.getpeername() + try: + self.__peer = conn.getpeername() + except socket.error as err: + # a race condition may occur if the other end is closing + # before we can get the peername + self.close() + if err.args[0] != errno.ENOTCONN: + raise + return print >> DEBUGSTREAM, 'Peer:', repr(self.__peer) self.push('220 %s %s' % (self.__fqdn, __version__)) self.set_terminator('\r\n') -- 1.7.3