--- /dev/null
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1389671978 18000
+# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9
+# Parent 2631d33ee7fbd5f0288931ef37872218d511d2e8
+complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
+
+diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
+--- a/Lib/test/test_socket.py
++++ b/Lib/test/test_socket.py
+@@ -1620,6 +1620,16 @@ class BufferIOTest(SocketConnectedTest):
+
+ _testRecvFromIntoMemoryview = _testRecvFromIntoArray
+
++ def testRecvFromIntoSmallBuffer(self):
++ # See issue #20246.
++ buf = bytearray(8)
++ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
++
++ def _testRecvFromIntoSmallBuffer(self):
++ with test_support.check_py3k_warnings():
++ buf = buffer(MSG*2048)
++ self.serv_conn.send(buf)
++
+
+ TIPC_STYPE = 2000
+ TIPC_LOWER = 200
+diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
+--- a/Modules/socketmodule.c
++++ b/Modules/socketmodule.c
+@@ -2742,6 +2742,10 @@ sock_recvfrom_into(PySocketSockObject *s
+ if (recvlen == 0) {
+ /* If nbytes was not specified, use the buffer's length */
+ recvlen = buflen;
++ } else if (recvlen > buflen) {
++ PyErr_SetString(PyExc_ValueError,
++ "nbytes is greater than the length of the buffer");
++ goto error;
+ }
+
+ readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
+
Summary(uk.UTF-8): Мова програмування дуже високого рівня з X-інтерфейсом
Name: python
Version: %{py_ver}.6
-Release: 1
+Release: 2
Epoch: 1
License: PSF
Group: Development/Languages/Python
Patch6: %{name}-distro.patch
Patch7: %{name}-DNStests.patch
Patch8: %{name}-ENOPROTOOPT-test.patch
+Patch9: %{name}-buffer-overflow.patch
URL: http://www.python.org/
BuildRequires: autoconf >= 2.65
BuildRequires: automake
%patch6 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
tar xjf %{SOURCE1}