From: JinWang An Date: Mon, 26 Apr 2021 07:05:29 +0000 (+0900) Subject: [CVE-2020-27619]No longer call eval() on content received via HTTP in the CJK codec... X-Git-Tag: submit/tizen_6.0_base/20210521.062029~6 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0c90402d59db5b5f6769ea96be95790329096587;p=platform%2Fupstream%2Fpython3.git [CVE-2020-27619]No longer call eval() on content received via HTTP in the CJK codec tests In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. Change-Id: I1fe49373b30007f2140a06d74dd21dbd6fd1ea5a Signed-off-by: JinWang An --- diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py index cca8af67..31d5e0be 100644 --- a/Lib/test/multibytecodec_support.py +++ b/Lib/test/multibytecodec_support.py @@ -305,29 +305,21 @@ class TestBase_Mapping(unittest.TestCase): self._test_mapping_file_plain() def _test_mapping_file_plain(self): - unichrs = lambda s: ''.join(map(chr, map(eval, s.split('+')))) + def unichrs(s): + return ''.join(chr(int(x, 16)) for x in s.split('+')) urt_wa = {} with self.open_mapping_file() as f: for line in f: if not line: break - data = line.split('#')[0].strip().split() + data = line.split('#')[0].split() if len(data) != 2: continue - - csetval = eval(data[0]) - if csetval <= 0x7F: - csetch = bytes([csetval & 0xff]) - elif csetval >= 0x1000000: - csetch = bytes([(csetval >> 24), ((csetval >> 16) & 0xff), - ((csetval >> 8) & 0xff), (csetval & 0xff)]) - elif csetval >= 0x10000: - csetch = bytes([(csetval >> 16), ((csetval >> 8) & 0xff), - (csetval & 0xff)]) - elif csetval >= 0x100: - csetch = bytes([(csetval >> 8), (csetval & 0xff)]) - else: + if data[0][:2] != '0x': + self.fail(f"Invalid line: {line!r}") + csetch = bytes.fromhex(data[0][2:]) + if len(csetch) == 1 and 0x80 <= csetch[0]: continue unich = unichrs(data[1])