| From 3ffc80959f01f9fde548f1632694b9f950c2dd7c Mon Sep 17 00:00:00 2001 |
| From: Christian Heimes <christian@python.org> |
| Date: Tue, 18 Sep 2018 15:13:09 +0200 |
| Subject: [PATCH] [2.7] bpo-34623: Use XML_SetHashSalt in _elementtree |
| (GH-9146) (GH-9394) |
| |
| The C accelerated _elementtree module now initializes hash randomization |
| salt from _Py_HashSecret instead of libexpat's default CPRNG. |
| |
| Signed-off-by: Christian Heimes <christian@python.org> |
| |
| https://bugs.python.org/issue34623. |
| (cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b) |
| |
| Co-authored-by: Christian Heimes <christian@python.org> |
| |
| |
| |
| https://bugs.python.org/issue34623 |
| |
| Upstream-Status: Backport |
| CVE: CVE-2018-14647 |
| Signed-off-by: Chen Qi <Qi.Chen@windriver.com> |
| --- |
| Include/pyexpat.h | 4 +++- |
| Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst | 2 ++ |
| Modules/_elementtree.c | 5 +++++ |
| Modules/pyexpat.c | 5 +++++ |
| 4 files changed, 15 insertions(+), 1 deletion(-) |
| create mode 100644 Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst |
| |
| diff --git a/Include/pyexpat.h b/Include/pyexpat.h |
| index 5340ef5..3fc5fa5 100644 |
| --- a/Include/pyexpat.h |
| +++ b/Include/pyexpat.h |
| @@ -3,7 +3,7 @@ |
| |
| /* note: you must import expat.h before importing this module! */ |
| |
| -#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.0" |
| +#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.1" |
| #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI" |
| |
| struct PyExpat_CAPI |
| @@ -43,6 +43,8 @@ struct PyExpat_CAPI |
| XML_Parser parser, XML_UnknownEncodingHandler handler, |
| void *encodingHandlerData); |
| void (*SetUserData)(XML_Parser parser, void *userData); |
| + /* might be none for expat < 2.1.0 */ |
| + int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt); |
| /* always add new stuff to the end! */ |
| }; |
| |
| diff --git a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst |
| new file mode 100644 |
| index 0000000..31ad92e |
| --- /dev/null |
| +++ b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst |
| @@ -0,0 +1,2 @@ |
| +The C accelerated _elementtree module now initializes hash randomization |
| +salt from _Py_HashSecret instead of libexpat's default CSPRNG. |
| diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c |
| index 1d316a1..a19cbf7 100644 |
| --- a/Modules/_elementtree.c |
| +++ b/Modules/_elementtree.c |
| @@ -2574,6 +2574,11 @@ xmlparser(PyObject* self_, PyObject* args, PyObject* kw) |
| PyErr_NoMemory(); |
| return NULL; |
| } |
| + /* expat < 2.1.0 has no XML_SetHashSalt() */ |
| + if (EXPAT(SetHashSalt) != NULL) { |
| + EXPAT(SetHashSalt)(self->parser, |
| + (unsigned long)_Py_HashSecret.prefix); |
| + } |
| |
| ALLOC(sizeof(XMLParserObject), "create expatparser"); |
| |
| diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c |
| index 2b4d312..1f8c0d7 100644 |
| --- a/Modules/pyexpat.c |
| +++ b/Modules/pyexpat.c |
| @@ -2042,6 +2042,11 @@ MODULE_INITFUNC(void) |
| capi.SetProcessingInstructionHandler = XML_SetProcessingInstructionHandler; |
| capi.SetUnknownEncodingHandler = XML_SetUnknownEncodingHandler; |
| capi.SetUserData = XML_SetUserData; |
| +#if XML_COMBINED_VERSION >= 20100 |
| + capi.SetHashSalt = XML_SetHashSalt; |
| +#else |
| + capi.SetHashSalt = NULL; |
| +#endif |
| |
| /* export using capsule */ |
| capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL); |
| -- |
| 2.7.4 |
| |