Commit 01feb5a

- Issue python#2586: Fix CVE-2008-1721, zlib crash from
zlib.decompressobj().flush(val) when val is not positive.
1 parent 8ad5f45 commit 01feb5a

2 files changed

+7
-0
lines changed

Misc/NEWS

Lines changed: 3 additions & 0 deletions
@@ -24,6 +24,9 @@ Core and builtins
2424
- Issue #1179: Fix CVE-2007-4965 and CVE-2008-1679, multiple integer
2525
overflows in the imageop and rgbimgmodule modules.
2626

27+
- Issue #2586: Fix CVE-2008-1721, zlib crash from
28+
zlib.decompressobj().flush(val) when val is not positive.
29+
2730
Extension Modules
2831
-----------------
2932
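
Review bot: The new entry is filed under "Core and builtins" (per the hunk header), but the fix is to zlib.decompressobj().flush(), an extension module, and the "Extension Modules" heading starts directly below the added lines. Consider moving the entry under that heading so readers scanning NEWS by module find it. The neighbouring #1179 entry for imageop and rgbimgmodule has the same placement, so the two could move together.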

Modules/zlibmodule.c

Lines changed: 4 additions & 0 deletions
@@ -669,6 +669,10 @@ PyZlib_unflush(compobject *self, PyObject *args)
669669

670670
if (!PyArg_ParseTuple(args, "|i:flush", &length))
671671
return NULL;
672+
if (length <= 0) {
673+
PyErr_SetString(PyExc_ValueError, "length must be greater than zero");
674+
return NULL;
675+
}
672676
if (!(retval = PyString_FromStringAndSize(NULL, length)))
673677
return NULL;
674678
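
Review bot: The new `length <= 0` guard ahead of `PyString_FromStringAndSize(NULL, length)` ships without a regression test; the commit changes only Misc/NEWS and Modules/zlibmodule.c. Add a test that calls zlib.decompressobj().flush(0) and flush(-1) and expects ValueError, so the CVE-2008-1721 crash cannot come back unnoticed. The guard also makes ValueError part of flush()'s interface, so the documentation for the length argument should say it must be greater than zero.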
