code.ossystems Code Review - openembedded-core.git/commit
python: CVE-2018-1000030
author Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Wed, 22 Aug 2018 11:41:42 +0000 (17:11 +0530)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Wed, 29 Aug 2018 14:22:27 +0000 (15:22 +0100)
commit 4b6c84e0f950f839bfb8c40f197197f838d8b733
tree 72a72ae08f16768282f24c2841342270452db6da
parent 82d873a1b73da25ae415afe0e6203693f78b88c9
python: CVE-2018-1000030

* CVE-2018-1000030-1
[2.7] bpo-31530: Stop crashes when iterating over a file on multiple threads

* CVE-2018-1000030-2
Multiple threads iterating over a file can corrupt the file's internal readahead
buffer resulting in crashes. To fix this, cache buffer state thread-locally for
the duration of a file_iternext call and only update the file's internal state
after reading completes.

No attempt is made to define or provide "reasonable" semantics for iterating
over a file on multiple threads. (Non-crashing) races are still
present. Duplicated, corrupt, and missing data will happen.

This was originally fixed by 6401e56, which
raised an exception from seek() and next() when concurrent operations were
detected. Alas, this simpler solution breaks legitimate use cases such as
capturing the standard streams when multiple threads are logging.

Affects python <= 2.7.14

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-devtools/python/python.inc
meta/recipes-devtools/python/python/CVE-2018-1000030-1.patch [new file with mode: 0644]
meta/recipes-devtools/python/python/CVE-2018-1000030-2.patch [new file with mode: 0644]
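
The commit message notes that the fix stops the crashes but leaves the races in place, so code that shares one file object between threads still has to serialize its reads. The following is an added example, not part of this commit or of CPython, showing one way to do that with a lock; `LockedLineReader`, `consume_in_threads` and the sample data are hypothetical names and constructed input.

```python
import threading


class LockedLineReader:
    """Iterator that serializes line reads on one shared file object."""

    def __init__(self, fileobj):
        self._file = fileobj
        self._lock = threading.Lock()

    def __iter__(self):
        return self

    def __next__(self):
        # Only one thread at a time may advance the underlying file, so no
        # two threads ever touch its buffering state concurrently.
        with self._lock:
            line = self._file.readline()
        if not line:
            raise StopIteration
        return line

    next = __next__  # Python 2 spelling of the iterator method


def consume_in_threads(fileobj, workers=4):
    """Drain fileobj from several threads; return all lines received."""
    reader = LockedLineReader(fileobj)
    seen = []
    seen_lock = threading.Lock()

    def worker():
        local = [line for line in reader]
        with seen_lock:
            seen.extend(local)

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return seen


# Constructed sample input: 2000 distinct lines.
SAMPLE = "".join("record-%d\n" % i for i in range(2000))
```

With the lock in place every line is delivered to exactly one thread; the order in which threads receive lines is still unspecified.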