diff options
author | Andrew M. Kuchling <amk@amk.ca> | 2005-06-09 17:53:27 (GMT) |
---|---|---|
committer | Andrew M. Kuchling <amk@amk.ca> | 2005-06-09 17:53:27 (GMT) |
commit | 52a14c3cdc551d1eb45d2c2de13dd96f41635c86 (patch) | |
tree | 7bed25265484e7fa2c0a9a9996592597b82afedb | |
parent | 4aef245827ff0eed1392383d8c4784fa663ddc84 (diff) | |
download | cpython-52a14c3cdc551d1eb45d2c2de13dd96f41635c86.zip cpython-52a14c3cdc551d1eb45d2c2de13dd96f41635c86.tar.gz cpython-52a14c3cdc551d1eb45d2c2de13dd96f41635c86.tar.bz2 |
[Bug #1200134] Fix buffer overflow by constraining size of .getstr(), .instr() to size of allocated buffer
-rw-r--r-- | Modules/_cursesmodule.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/Modules/_cursesmodule.c b/Modules/_cursesmodule.c index 7847d39..2e14abb 100644 --- a/Modules/_cursesmodule.c +++ b/Modules/_cursesmodule.c @@ -162,6 +162,10 @@ static int initialisedcolors = FALSE; "must call start_color() first"); \ return 0; } +#ifndef MIN +#define MIN(x,y) ((x) < (y) ? (x) : (y)) +#endif + /* Utility Functions */ /* @@ -801,21 +805,21 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args) switch (PyTuple_Size(args)) { case 0: Py_BEGIN_ALLOW_THREADS - rtn2 = wgetstr(self->win,rtn); + rtn2 = wgetnstr(self->win,rtn, 1023); Py_END_ALLOW_THREADS break; case 1: if (!PyArg_ParseTuple(args,"i;n", &n)) return NULL; Py_BEGIN_ALLOW_THREADS - rtn2 = wgetnstr(self->win,rtn,n); + rtn2 = wgetnstr(self->win,rtn,MIN(n, 1023)); Py_END_ALLOW_THREADS break; case 2: if (!PyArg_ParseTuple(args,"ii;y,x",&y,&x)) return NULL; Py_BEGIN_ALLOW_THREADS - rtn2 = mvwgetstr(self->win,y,x,rtn); + rtn2 = mvwgetnstr(self->win,y,x,rtn, 1023); Py_END_ALLOW_THREADS break; case 3: @@ -825,11 +829,11 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args) /* Untested */ Py_BEGIN_ALLOW_THREADS rtn2 = wmove(self->win,y,x)==ERR ? ERR : - wgetnstr(self->win, rtn, n); + wgetnstr(self->win, rtn, MIN(n, 1023)); Py_END_ALLOW_THREADS #else Py_BEGIN_ALLOW_THREADS - rtn2 = mvwgetnstr(self->win, y, x, rtn, n); + rtn2 = mvwgetnstr(self->win, y, x, rtn, MIN(n, 1023)); Py_END_ALLOW_THREADS #endif break; @@ -962,22 +966,22 @@ PyCursesWindow_InStr(PyCursesWindowObject *self, PyObject *args) switch (PyTuple_Size(args)) { case 0: - rtn2 = winstr(self->win,rtn); + rtn2 = winnstr(self->win,rtn, 1023); break; case 1: if (!PyArg_ParseTuple(args,"i;n", &n)) return NULL; - rtn2 = winnstr(self->win,rtn,n); + rtn2 = winnstr(self->win,rtn,MIN(n,1023)); break; case 2: if (!PyArg_ParseTuple(args,"ii;y,x",&y,&x)) return NULL; - rtn2 = mvwinstr(self->win,y,x,rtn); + rtn2 = mvwinnstr(self->win,y,x,rtn,1023); break; case 3: if (!PyArg_ParseTuple(args, "iii;y,x,n", &y, &x, &n)) return NULL; - rtn2 = mvwinnstr(self->win, y, x, rtn, n); + rtn2 = mvwinnstr(self->win, y, x, rtn, MIN(n,1023)); break; default: PyErr_SetString(PyExc_TypeError, "instr requires 0 or 3 arguments"); |