authorAndrew M. Kuchling <amk@amk.ca>2005-06-09 17:53:27 (GMT)
committerAndrew M. Kuchling <amk@amk.ca>2005-06-09 17:53:27 (GMT)
commit52a14c3cdc551d1eb45d2c2de13dd96f41635c86 (patch)
tree7bed25265484e7fa2c0a9a9996592597b82afedb
parent4aef245827ff0eed1392383d8c4784fa663ddc84 (diff)
[Bug #1200134] Fix buffer overflow by constraining size of .getstr(), .instr() to size of allocated buffer
-rw-r--r--Modules/_cursesmodule.c22
1 files changed, 13 insertions, 9 deletions
diff --git a/Modules/_cursesmodule.c b/Modules/_cursesmodule.c
index 7847d39..2e14abb 100644
--- a/Modules/_cursesmodule.c
+++ b/Modules/_cursesmodule.c
@@ -162,6 +162,10 @@ static int initialisedcolors = FALSE;
"must call start_color() first"); \
return 0; }
+#ifndef MIN
+#define MIN(x,y) ((x) < (y) ? (x) : (y))
+#endif
+
/* Utility Functions */
/*
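Review bot: The bound 1023 is written as a bare literal at every call this commit touches, so the `MIN` macro added here should come with a single named limit next to it. The declaration of `rtn` is outside the visible hunks (presumably a 1024-byte array), which means nothing on the page ties the literal to the allocation, and a later resize of the buffer would leave the call sites stale. If `rtn` is a true local array, `sizeof(rtn) - 1` at each call keeps the two in step; otherwise define the limit once with a comment such as `/* rtn holds 1024 bytes: 1023 characters plus the terminating NUL */`.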
@@ -801,21 +805,21 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args)
switch (PyTuple_Size(args)) {
case 0:
Py_BEGIN_ALLOW_THREADS
- rtn2 = wgetstr(self->win,rtn);
+ rtn2 = wgetnstr(self->win,rtn, 1023);
Py_END_ALLOW_THREADS
break;
case 1:
if (!PyArg_ParseTuple(args,"i;n", &n))
return NULL;
Py_BEGIN_ALLOW_THREADS
- rtn2 = wgetnstr(self->win,rtn,n);
+ rtn2 = wgetnstr(self->win,rtn,MIN(n, 1023));
Py_END_ALLOW_THREADS
break;
case 2:
if (!PyArg_ParseTuple(args,"ii;y,x",&y,&x))
return NULL;
Py_BEGIN_ALLOW_THREADS
- rtn2 = mvwgetstr(self->win,y,x,rtn);
+ rtn2 = mvwgetnstr(self->win,y,x,rtn, 1023);
Py_END_ALLOW_THREADS
break;
case 3:
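Review bot: `MIN(n, 1023)` in the one-argument case caps only the upper end, so a negative `n` supplied by the caller still reaches `wgetnstr()` unchanged. What curses does with a negative length is implementation-dependent, and some implementations appear to treat it as "no limit", which would reopen the overflow of `rtn` that this commit closes. Reject it right after `PyArg_ParseTuple` and before `Py_BEGIN_ALLOW_THREADS`, e.g. `if (n < 0) { PyErr_SetString(PyExc_ValueError, "n must be nonnegative"); return NULL; }`. The same gap applies to the `MIN(n, 1023)` calls in the three-argument case of the next hunk and to both `n`-taking cases of `PyCursesWindow_InStr`. The body of `PyCursesWindow_GetStr` starts and ends outside this hunk.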
@@ -825,11 +829,11 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args)
/* Untested */
Py_BEGIN_ALLOW_THREADS
rtn2 = wmove(self->win,y,x)==ERR ? ERR :
- wgetnstr(self->win, rtn, n);
+ wgetnstr(self->win, rtn, MIN(n, 1023));
Py_END_ALLOW_THREADS
#else
Py_BEGIN_ALLOW_THREADS
- rtn2 = mvwgetnstr(self->win, y, x, rtn, n);
+ rtn2 = mvwgetnstr(self->win, y, x, rtn, MIN(n, 1023));
Py_END_ALLOW_THREADS
#endif
break;
@@ -962,22 +966,22 @@ PyCursesWindow_InStr(PyCursesWindowObject *self, PyObject *args)
switch (PyTuple_Size(args)) {
case 0:
- rtn2 = winstr(self->win,rtn);
+ rtn2 = winnstr(self->win,rtn, 1023);
break;
case 1:
if (!PyArg_ParseTuple(args,"i;n", &n))
return NULL;
- rtn2 = winnstr(self->win,rtn,n);
+ rtn2 = winnstr(self->win,rtn,MIN(n,1023));
break;
case 2:
if (!PyArg_ParseTuple(args,"ii;y,x",&y,&x))
return NULL;
- rtn2 = mvwinstr(self->win,y,x,rtn);
+ rtn2 = mvwinnstr(self->win,y,x,rtn,1023);
break;
case 3:
if (!PyArg_ParseTuple(args, "iii;y,x,n", &y, &x, &n))
return NULL;
- rtn2 = mvwinnstr(self->win, y, x, rtn, n);
+ rtn2 = mvwinnstr(self->win, y, x, rtn, MIN(n,1023));
break;
default:
PyErr_SetString(PyExc_TypeError, "instr requires 0 or 3 arguments");