gentoo-overlay/dev-python/rencode/files/rencode-1.0.6-fix-CVE-2021-...


From: Andrew Resch <andrewresch@gmail.com>
Date: Mon, 9 Aug 2021 20:44:51 -0700
Subject: [PATCH] Fix checking if typecode is valid while decoding.
This bug will cause rencode to hang if the invalid typecode is included
in a sequence type (list, dict) since the position will not change and
the loop checking for the termination byte never returns.
This change is a copy of PR #29 with a few aesthetic changes.
--- a/rencode/rencode.pyx
+++ b/rencode/rencode.pyx
@@ -527,6 +527,8 @@
return decode_fixed_dict(data, pos)
elif typecode == CHR_DICT:
return decode_dict(data, pos)
+ else:
+ raise ValueError("Invalid typecode: %d at pos: %d" % (typecode, pos[0]))
def loads(data, decode_utf8=False):
"""
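Review bot: The new `else` branch closing the typecode dispatch carries no comment saying why falling through is unsafe, so a later refactor could drop it as a redundant default. I would add above the `raise`: `# Unknown typecode: fail here, otherwise pos never advances and list/dict decoding loops forever.` The `loads` docstring that starts at the end of this hunk is a good place to state that malformed input raises `ValueError`, so that callers decoding data from untrusted peers know which exception to treat as a rejected message. The dispatch function begins above the hunk, so whether other malformed-input paths already raise the same exception type cannot be checked from here.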
--- a/tests/test_rencode.py
+++ b/tests/test_rencode.py
@@ -223,5 +223,10 @@
assert rencode_orig.__version__
self.assertEqual(rencode.__version__[1:], rencode_orig.__version__[1:], "version number does not match")
+ def test_invalid_typecode(self):
+ s = b";\x2f\x7f"
+ with self.assertRaises(ValueError):
+ rencode.loads(s)
+
if __name__ == '__main__':
unittest.main()
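Review bot: `test_invalid_typecode` exercises only the list container, while the commit message names both list and dict as places where the hang occurred. A second assertion with the same invalid typecode inside a dict container, and a third with it as the only top-level byte, would cover every path the new `else` branch guards. A regression here would show up as a test that never returns rather than one that fails, so this case should run under a CI-level timeout, since `unittest` does not impose one itself. A short comment on the input such as `# list marker, unassigned typecode, terminator: used to hang the decoder` would make the byte string self-explanatory.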