diff options
| author | Thomas Wouters <thomas@python.org> | 2006-04-25 13:53:23 (GMT) |
|---|---|---|
| committer | Thomas Wouters <thomas@python.org> | 2006-04-25 13:53:23 (GMT) |
| commit | 6dbff33be848ed875f3769be6b866438b099aa3a (patch) | |
| tree | 0ff979c8a9a9d1494dfc6b525c9f944ee142840d /Modules/fcntlmodule.c | |
| parent | d798a181abd2b03ba5358d3528e5f4c78be74980 (diff) | |
| download | cpython-6dbff33be848ed875f3769be6b866438b099aa3a.zip cpython-6dbff33be848ed875f3769be6b866438b099aa3a.tar.gz cpython-6dbff33be848ed875f3769be6b866438b099aa3a.tar.bz2 | |
SF bug/patch #1433877: string parameter to ioctl not null terminated
The new char-array used in ioctl calls wasn't explicitly NUL-terminated;
quite probably the cause for the test_pty failures on Solaris that we
circumvented earlier. (I wasn't able to reproduce it with this patch, but it
has been somewhat elusive to start with.)
Diffstat (limited to 'Modules/fcntlmodule.c')
| -rw-r--r-- | Modules/fcntlmodule.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/Modules/fcntlmodule.c b/Modules/fcntlmodule.c index a368494..477af06 100644 --- a/Modules/fcntlmodule.c +++ b/Modules/fcntlmodule.c @@ -95,6 +95,7 @@ corresponding to the return value of the fcntl call in the C code."); static PyObject * fcntl_ioctl(PyObject *self, PyObject *args) { +#define IOCTL_BUFSZ 1024 int fd; /* In PyArg_ParseTuple below, use the unsigned int 'I' format for the signed int 'code' variable, because Python turns 0x8000000 @@ -106,7 +107,7 @@ fcntl_ioctl(PyObject *self, PyObject *args) char *str; Py_ssize_t len; int mutate_arg = 1; - char buf[1024]; + char buf[IOCTL_BUFSZ+1]; /* argument plus NUL byte */ if (PyArg_ParseTuple(args, "O&Iw#|i:ioctl", conv_descriptor, &fd, &code, @@ -114,8 +115,9 @@ fcntl_ioctl(PyObject *self, PyObject *args) char *arg; if (mutate_arg) { - if (len <= sizeof buf) { + if (len <= IOCTL_BUFSZ) { memcpy(buf, str, len); + buf[len] = '\0'; arg = buf; } else { @@ -123,13 +125,14 @@ fcntl_ioctl(PyObject *self, PyObject *args) } } else { - if (len > sizeof buf) { + if (len > IOCTL_BUFSZ) { PyErr_SetString(PyExc_ValueError, "ioctl string arg too long"); return NULL; } else { memcpy(buf, str, len); + buf[len] = '\0'; arg = buf; } } @@ -141,7 +144,7 @@ fcntl_ioctl(PyObject *self, PyObject *args) else { ret = ioctl(fd, code, arg); } - if (mutate_arg && (len < sizeof buf)) { + if (mutate_arg && (len < IOCTL_BUFSZ)) { memcpy(str, buf, len); } if (ret < 0) { @@ -159,12 +162,13 @@ fcntl_ioctl(PyObject *self, PyObject *args) PyErr_Clear(); if (PyArg_ParseTuple(args, "O&Is#:ioctl", conv_descriptor, &fd, &code, &str, &len)) { - if (len > sizeof buf) { + if (len > IOCTL_BUFSZ) { PyErr_SetString(PyExc_ValueError, "ioctl string arg too long"); return NULL; } memcpy(buf, str, len); + buf[len] = '\0'; Py_BEGIN_ALLOW_THREADS ret = ioctl(fd, code, buf); Py_END_ALLOW_THREADS @@ -195,6 +199,7 @@ fcntl_ioctl(PyObject *self, PyObject *args) return NULL; } return PyInt_FromLong((long)ret); +#undef IOCTL_BUFSZ } PyDoc_STRVAR(ioctl_doc, |