author | Serhiy Storchaka <storchaka@gmail.com> | 2015-02-16 00:30:43 +0200 |
---|---|---|
committer | Serhiy Storchaka <storchaka@gmail.com> | 2015-02-16 00:30:43 +0200 |
commit | 74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81 (patch) | |
tree | 55874458c25a5c5cf90ce30a120ce50f9cc43f62 /Lib/dbm | |
parent | Issue #23146: Fix mishandling of absolute Windows paths with forward slashes ... (diff) | |
Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb
module. Original patch by Claudiu Popa.
Diffstat (limited to 'Lib/dbm')
-rw-r--r-- | Lib/dbm/dumb.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Lib/dbm/dumb.py b/Lib/dbm/dumb.py
index 8f48aadade8..a9ead68ce45 100644
--- a/Lib/dbm/dumb.py
+++ b/Lib/dbm/dumb.py
@@ -21,6 +21,7 @@ is read when the database is opened, and some updates rewrite the whole index)
 """
+import ast as _ast
 import io as _io
 import os as _os
 import collections
@@ -85,7 +86,7 @@ class _Database(collections.MutableMapping):
 with f:
 for line in f:
 line = line.rstrip()
- key, pos_and_siz_pair = eval(line)
+ key, pos_and_siz_pair = _ast.literal_eval(line)
 key = key.encode('Latin-1')
 self._index[key] = pos_and_siz_pair
|
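Review bot: The value returned by `_ast.literal_eval(line)` in the index-loading loop is still unpacked and used without a shape check, so a corrupted or tampered index line fails with whichever `ValueError`, `SyntaxError`, `TypeError` or `AttributeError` the parse, the unpacking or `key.encode('Latin-1')` happens to raise. Validating the parsed entry before storing it would give callers one predictable failure, for example `if not (isinstance(key, str) and isinstance(pos_and_siz_pair, tuple) and len(pos_and_siz_pair) == 2): raise ValueError('malformed index entry')`. `literal_eval` is also still open to resource exhaustion on very large or deeply nested input, so an index file from an untrusted source is not made fully safe by this change. A short comment on the call, such as `# literal_eval, not eval: index file contents must never be executed`, would record why it must not be reverted. The enclosing method starts and ends outside the hunk.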