From 47b888c0c89c94670fb7eb61b85a1da00c4a9e82 Mon Sep 17 00:00:00 2001
From: mat
Date: Sat, 30 Nov 2019 09:05:26 +0000
Subject: [PATCH 1/4] Removed newline characters from uu encoding methods
---
 Lib/encodings/uu_codec.py | 4 ++++
 Lib/uu.py | 7 +++++++
 2 files changed, 11 insertions(+)
diff --git a/Lib/encodings/uu_codec.py b/Lib/encodings/uu_codec.py
index 2a5728fb5b74ad..4e58c62fe9ef0f 100644
--- a/Lib/encodings/uu_codec.py
+++ b/Lib/encodings/uu_codec.py
@@ -20,6 +20,10 @@ def uu_encode(input, errors='strict', filename='', mode=0o666):
 read = infile.read
 write = outfile.write
+ # Remove newline chars from filename
+ filename = filename.replace('\n','\\n')
+ filename = filename.replace('\r','\\r')
+
 # Encode
 write(('begin %o %s\n' % (mode & 0o777, filename)).encode('ascii'))
 chunk = read(45)
diff --git a/Lib/uu.py b/Lib/uu.py
index 9b1e5e607207f7..f65e4531eb51e5 100755
--- a/Lib/uu.py
+++ b/Lib/uu.py
@@ -73,6 +73,13 @@ def encode(in_file, out_file, name=None, mode=None, *, backtick=False):
 name = '-'
 if mode is None:
 mode = 0o666
+
+ #
+ # Remove newline chars from name
+ #
+ name = name.replace('\n','\\n')
+ name = name.replace('\r','\\r')
+
 #
 # Write the data
 #
From b79021d5a67dbbab6af6860e258106499ec25537 Mon Sep 17 00:00:00 2001
From: mat
Date: Sat, 30 Nov 2019 09:37:10 +0000
Subject: [PATCH 2/4] Fixed trailing whitespace
---
 Lib/uu.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Lib/uu.py b/Lib/uu.py
index f65e4531eb51e5..9f1f37f1a64101 100755
--- a/Lib/uu.py
+++ b/Lib/uu.py
@@ -73,13 +73,13 @@ def encode(in_file, out_file, name=None, mode=None, *, backtick=False):
 name = '-'
 if mode is None:
 mode = 0o666
-
+
 #
 # Remove newline chars from name
 #
 name = name.replace('\n','\\n')
 name = name.replace('\r','\\r')
-
+
 #
 # Write the data
 #
From 5ad14ea3092cb245ed65273d9e53e6e4e98cdd6d Mon Sep 17 00:00:00 2001
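Review bot: The added comment `# Remove newline chars from filename` in the Lib/encodings/uu_codec.py hunk does not match the code under it, which escapes CR and LF into the two-character sequences `\n` and `\r` rather than removing them; the Lib/uu.py hunk repeats the same wording for `name`. The comment should also give the reason, since the next visible line writes the name into the `begin` header and a raw line break there would end the header early and push the rest of the name into the encoded body. I would write `# Escape CR/LF so the name cannot end the 'begin' header line and spill into the encoded body`. Because the backslash itself is not escaped, the mapping is one-way (a name that already holds a literal backslash-n pair looks identical afterwards), which deserves a word in the comment as well. The body of uu_encode starts and ends outside the hunk.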
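Review bot: The two added `name.replace(...)` calls in the Lib/uu.py hunk require `name` to be a `str`, while the signature shown in the hunk header places no restriction on it. The header write lies outside the hunk; if it formats `name` with `%s`, as the uu_codec.py hunk does for `filename`, then a bytes or path-like name that was accepted before would now raise inside `encode`. If that change is not intended, convert first with `name = str(name).replace('\n', '\\n').replace('\r', '\\r')`; otherwise state in the docstring that `name` must be a `str`.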
From: mat
Date: Sun, 1 Dec 2019 09:14:59 +0000
Subject: [PATCH 3/4] Added test for uu encoding overflow
---
 Lib/test/test_uu.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/Lib/test/test_uu.py b/Lib/test/test_uu.py
index c9f05e5b760d92..c8709f7a0d6660 100644
--- a/Lib/test/test_uu.py
+++ b/Lib/test/test_uu.py
@@ -136,6 +136,15 @@ def test_garbage_padding(self):
 decoded = codecs.decode(encodedtext, "uu_codec")
 self.assertEqual(decoded, plaintext)
+ def test_newlines_escaped(self):
+ # Test newlines are escaped with uu.encode
+ inp = io.BytesIO(plaintext)
+ out = io.BytesIO()
+ filename = "test.txt\n\roverflow.txt"
+ safefilename = b"test.txt\\n\\roverflow.txt"
+ uu.encode(inp, out, filename)
+ self.assertIn(safefilename, out.getvalue())
+
 class UUStdIOTest(unittest.TestCase):
 def setUp(self):
From 86915afa6764c290ceb997b13b17b2479123a873 Mon Sep 17 00:00:00 2001
From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com>
Date: Sun, 1 Dec 2019 22:44:41 +0000
Subject: [PATCH 4/4] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?=
 =?UTF-8?q?rb=5Fit.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst
diff --git a/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst b/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst
new file mode 100644
index 00000000000000..1bf6ed567b2412
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst
@@ -0,0 +1 @@
+Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process.
\ No newline at end of file
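Review bot: `test_newlines_escaped` exercises only `uu.encode`, although patch 1 adds the same escaping to `uu_encode` in Lib/encodings/uu_codec.py, so a regression in the codec path would go unnoticed. A sibling test that calls `uu_encode(plaintext, filename=filename)` from `encodings.uu_codec` and checks its output the same way would close that gap. The assertion itself only shows that the escaped name occurs somewhere in the output; pinning the header line is tighter, e.g. `header = out.getvalue().split(b'\n', 1)[0]` followed by `self.assertTrue(header.endswith(safefilename))` and `self.assertNotIn(b'\r', header)`. Decoding `out` again and comparing the payload with `plaintext` would additionally show that the body is left intact, which is the property the NEWS entry claims.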