--- python-cjson-1.0.5.orig/jsontest.py +++ python-cjson-1.0.5/jsontest.py @@ -316,6 +316,18 @@ def testWriteLong(self): self.assertEqual("12345678901234567890", cjson.encode(12345678901234567890)) + + def testWriteLongUnicode(self): + # This test causes a buffer overrun in cjson 1.0.5, on UCS4 builds. + # The string length is only resized for wide unicode characters if + # there is less than 12 bytes of space left. Padding with + # narrow-but-escaped characters prevents string resizing. + # Note that u'\U0001D11E\u1234' also breaks, but sometimes goes + # undetected. + s = cjson.encode(u'\U0001D11E\U0001D11E\U0001D11E\U0001D11E' + u'\u1234\u1234\u1234\u1234\u1234\u1234') + self.assertEqual(r'"\U0001d11e\U0001d11e\U0001d11e\U0001d11e' + r'\u1234\u1234\u1234\u1234\u1234\u1234"', s) def main(): unittest.main() --- python-cjson-1.0.5.orig/cjson.c +++ python-cjson-1.0.5/cjson.c @@ -613,6 +613,25 @@ char *p; static const char *hexdigit = "0123456789abcdef"; +#ifdef Py_UNICODE_WIDE + const Py_ssize_t expandsize = 10; +#else + const Py_ssize_t expandsize = 6; +#endif + + /* Initial allocation is based on the longest-possible unichr + escape. + + In wide (UTF-32) builds '\U00xxxxxx' is 10 chars per source + unichr, so in this case it's the longest unichr escape. In + narrow (UTF-16) builds this is five chars per source unichr + since there are two unichrs in the surrogate pair, so in narrow + (UTF-16) builds it's not the longest unichr escape. + + In wide or narrow builds '\uxxxx' is 6 chars per source unichr, + so in the narrow (UTF-16) build case it's the longest unichr + escape. + */ s = PyUnicode_AS_UNICODE(unicode); size = PyUnicode_GET_SIZE(unicode); @@ -623,7 +642,7 @@ return NULL; } - repr = PyString_FromStringAndSize(NULL, 2 + 6*size + 1); + repr = PyString_FromStringAndSize(NULL, 2 + expandsize*size + 1); if (repr == NULL) return NULL; @@ -644,15 +663,6 @@ #ifdef Py_UNICODE_WIDE /* Map 21-bit characters to '\U00xxxxxx' */ else if (ch >= 0x10000) { - int offset = p - PyString_AS_STRING(repr); - - /* Resize the string if necessary */ - if (offset + 12 > PyString_GET_SIZE(repr)) { - if (_PyString_Resize(&repr, PyString_GET_SIZE(repr) + 100)) - return NULL; - p = PyString_AS_STRING(repr) + offset; - } - *p++ = '\\'; *p++ = 'U'; *p++ = hexdigit[(ch >> 28) & 0x0000000F]; --- python-cjson-1.0.5.orig/debian/changelog +++ python-cjson-1.0.5/debian/changelog @@ -0,0 +1,20 @@ +python-cjson (1.0.5-1ubuntu0.8.04.1) hardy-security; urgency=low + + * SECURITY UPDATE: Fixed potential buffer overflow error when encoding wide + unicode characters on UCS4 builds (LP: #585274) + - CVE-2010-1666 + + -- Matt Giuca Wed, 26 May 2010 10:50:08 +1000 + +python-cjson (1.0.5-1) unstable; urgency=low + + * New upstream version + + -- Bernd Zeimetz Fri, 24 Aug 2007 16:12:17 +0200 + +python-cjson (1.0.4-1) unstable; urgency=low + + * Initial release (Closes: #420606) + + -- Bernd Zeimetz Wed, 15 Aug 2007 00:35:27 +0200 + --- python-cjson-1.0.5.orig/debian/python-cjson.install +++ python-cjson-1.0.5/debian/python-cjson.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/python* --- python-cjson-1.0.5.orig/debian/control +++ python-cjson-1.0.5/debian/control @@ -0,0 +1,46 @@ +Source: python-cjson +Section: python +Priority: optional +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Debian Python Modules Team +Uploaders: Bernd Zeimetz , Dan Pascu +Build-Depends: cdbs (>= 0.4.47), debhelper (>= 5.0.42), python-all-dev (>= 2.4.4-1), python-all-dbg, python-support +Standards-Version: 3.7.2 + +Package: python-cjson +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends} +Suggests: python-cjson-dbg +Description: Very fast JSON encoder/decoder for Python + JSON stands for JavaScript Object Notation and is a text based lightweight + data exchange format which is easy for humans to read/write and for machines + to parse/generate. JSON is completely language independent and has multiple + implementations in most of the programming languages, making it ideal for + data exchange and storage. + . + The module is written in C and it is up to 250 times faster when compared to + the other python JSON implementations which are written directly in python. + This speed gain varies with the complexity of the data and the operation and + is the the range of 10-200 times for encoding operations and in the range of + 100-250 times for decoding operations. + . + Homepage: http://cheeseshop.python.org/pypi/python-cjson + +Package: python-cjson-dbg +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, python-cjson (= ${binary:Version}), python-dbg +Description: Very fast JSON encoder/decoder for Python (debug extension) + JSON stands for JavaScript Object Notation and is a text based lightweight + data exchange format which is easy for humans to read/write and for machines + to parse/generate. JSON is completely language independent and has multiple + implementations in most of the programming languages, making it ideal for + data exchange and storage. + . + The module is written in C and it is up to 250 times faster when compared to + the other python JSON implementations which are written directly in python. + This speed gain varies with the complexity of the data and the operation and + is the the range of 10-200 times for encoding operations and in the range of + 100-250 times for decoding operations. + . + Homepage: http://cheeseshop.python.org/pypi/python-cjson + --- python-cjson-1.0.5.orig/debian/rules +++ python-cjson-1.0.5/debian/rules @@ -0,0 +1,29 @@ +#!/usr/bin/make -f + +DEB_PYTHON_SYSTEM=pysupport +DEB_COMPRESS_EXCLUDE := .py + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/python-distutils.mk + + +build/python-cjson-dbg:: + set -e; \ + for i in $(cdbs_python_build_versions); do \ + python$$i-dbg ./setup.py build; \ + done + +install/python-cjson-dbg:: + for i in $(cdbs_python_build_versions); do \ + python$$i-dbg ./setup.py install --root $(CURDIR)/debian/python-cjson-dbg; \ + done + find debian/python-cjson-dbg \ + ! -type d ! -name '*_d.so' | xargs rm -f + find debian/python-cjson-dbg -depth -empty -exec rmdir {} \; + +binary-predeb/python-cjson-dbg:: + rm -rf debian/python-cjson-dbg/usr/share/doc/python-cjson-dbg + ln -s python-cjson debian/python-cjson-dbg/usr/share/doc/python-cjson-dbg + +clean:: + rm -rf build --- python-cjson-1.0.5.orig/debian/copyright +++ python-cjson-1.0.5/debian/copyright @@ -0,0 +1,63 @@ +This package was debianized by Bernd Zeimetz on +Wed, 15 Aug 2007 00:35:27 +0200. + +It was downloaded from http://cheeseshop.python.org/pypi/python-cjson + +Upstream Author: + + Dan Pascu + +Copyright: + + Copyright (C) 2006-2007 Dan Pascu + +License: + + This package is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +On Debian systems, the complete text of the GNU Lesser General +Public License, version 2, can be found in `/usr/share/common-licenses/LGPL-2'. + +The Debian packaging is (C) 2007, Bernd Zeimetz and is +licensed under the LGPL, either version 2 of the License, or (at your option) +any later version - see above. + + + +Files with different licenses/copyrights: + +* jsontest.py: + + this test suite is an almost verbatim copy of the jsontest.py test suite + found in json-py available from http://sourceforge.net/projects/json-py/ + + Copyright (C) 2005 Patrick D. Logan + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +On Debian systems, the complete text of the GNU Lesser General +Public License, version 2.1, can be found in `/usr/share/common-licenses/LGPL-2.1'. --- python-cjson-1.0.5.orig/debian/watch +++ python-cjson-1.0.5/debian/watch @@ -0,0 +1,6 @@ +# Compulsory line, this is a version 3 file +version=3 + +opts="filenamemangle=s/.*\/([^#]*)#.*/$1/" \ +http://cheeseshop.python.org/pypi/python-cjson http://pypi\.python\.org/packages/source/p/python-cjson/python-cjson-(.*)\.tar\.gz#md5=.* + --- python-cjson-1.0.5.orig/debian/pycompat +++ python-cjson-1.0.5/debian/pycompat @@ -0,0 +1 @@ +2 --- python-cjson-1.0.5.orig/debian/docs +++ python-cjson-1.0.5/debian/docs @@ -0,0 +1 @@ +README --- python-cjson-1.0.5.orig/debian/compat +++ python-cjson-1.0.5/debian/compat @@ -0,0 +1 @@ +5