author | Christian Heimes <christian@cheimes.de> | 2013-07-22 10:54:21 (GMT) |
---|---|---|
committer | Christian Heimes <christian@cheimes.de> | 2013-07-22 10:54:21 (GMT) |
commit | de0e63bd9cf3f4f4833664988d2ec03b75c0d5a1 (patch) | |
tree | b25ddeb8f01b1bd3003ab5d8464d7bd51fff57c6 /Modules/getpath.c | |
parent | 7fca717815610b4180b72566428c13e07c7def6b (diff) | |
parent | 60a60677093e2792439c9e34debe6d55feead63f (diff) | |
Issue #15905: Fix theoretical buffer overflow in handling of sys.argv[0],
prefix and exec_prefix if the operating system does not obey MAXPATHLEN.
Diffstat (limited to 'Modules/getpath.c')
-rw-r--r-- | Modules/getpath.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/Modules/getpath.c b/Modules/getpath.c index 21dc854..1a43150 100644 --- a/Modules/getpath.c +++ b/Modules/getpath.c @@ -326,6 +326,7 @@ search_for_prefix(wchar_t *argv0_path, wchar_t *home, wchar_t *_prefix) if (home) { wchar_t *delim; wcsncpy(prefix, home, MAXPATHLEN); + prefix[MAXPATHLEN] = L'\0'; delim = wcschr(prefix, DELIM); if (delim) *delim = L'\0'; @@ -335,13 +336,15 @@ search_for_prefix(wchar_t *argv0_path, wchar_t *home, wchar_t *_prefix) } /* Check to see if argv[0] is in the build directory */ - wcscpy(prefix, argv0_path); + wcsncpy(prefix, argv0_path, MAXPATHLEN); + prefix[MAXPATHLEN] = L'\0'; joinpath(prefix, L"Modules/Setup"); if (isfile(prefix)) { /* Check VPATH to see if argv0_path is in the build directory. */ vpath = _Py_char2wchar(VPATH, NULL); if (vpath != NULL) { - wcscpy(prefix, argv0_path); + wcsncpy(prefix, argv0_path, MAXPATHLEN); + prefix[MAXPATHLEN] = L'\0'; joinpath(prefix, vpath); PyMem_RawFree(vpath); joinpath(prefix, L"Lib"); @@ -365,6 +368,7 @@ search_for_prefix(wchar_t *argv0_path, wchar_t *home, wchar_t *_prefix) /* Look at configure's PREFIX */ wcsncpy(prefix, _prefix, MAXPATHLEN); + prefix[MAXPATHLEN] = L'\0'; joinpath(prefix, lib_python); joinpath(prefix, LANDMARK); if (ismodule(prefix)) @@ -391,6 +395,7 @@ search_for_exec_prefix(wchar_t *argv0_path, wchar_t *home, wchar_t *_exec_prefix wcsncpy(exec_prefix, delim+1, MAXPATHLEN); else wcsncpy(exec_prefix, home, MAXPATHLEN); + exec_prefix[MAXPATHLEN] = L'\0'; joinpath(exec_prefix, lib_python); joinpath(exec_prefix, L"lib-dynload"); return 1; 
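Review bot: `prefix[MAXPATHLEN] = L'\0';` in the `if (home)` branch is in bounds only when `prefix` has at least MAXPATHLEN+1 elements, and the declaration is not part of this diff. The same assumption holds for every added terminator in the hunks at -335, -365, -391, -399, -420 and -442, including those on `exec_prefix`. I would state it where the two buffers are declared, for example `/* must hold MAXPATHLEN+1 wchar_t: the search functions write the terminator at index MAXPATHLEN */`, so a later resize cannot turn the terminator write into an off-by-one. search_for_prefix starts and ends outside the hunk.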
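Review bot: An `argv0_path` longer than MAXPATHLEN is now cut off without any signal in the hunk at -335, so `joinpath(prefix, L"Modules/Setup")` and `isfile(prefix)` operate on a path the caller never supplied. The copy itself is bounded, but the build-directory check can then match a different location than intended; testing `wcslen(argv0_path) <= MAXPATHLEN` before the copy and skipping the check otherwise would avoid that. Whether `joinpath` bounds its own append is not visible here, so the length after the joins presumably still relies on it. The same applies to the `argv0_path` copies in the hunks at -399 and -420.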
@@ -399,7 +404,8 @@ search_for_exec_prefix(wchar_t *argv0_path, wchar_t *home, wchar_t *_exec_prefix /* Check to see if argv[0] is in the build directory. "pybuilddir.txt" is written by setup.py and contains the relative path to the location of shared library modules. */ - wcscpy(exec_prefix, argv0_path); + wcsncpy(exec_prefix, argv0_path, MAXPATHLEN); + exec_prefix[MAXPATHLEN] = L'\0'; joinpath(exec_prefix, L"pybuilddir.txt"); if (isfile(exec_prefix)) { FILE *f = _Py_wfopen(exec_prefix, L"rb"); @@ -420,7 +426,8 @@ search_for_exec_prefix(wchar_t *argv0_path, wchar_t *home, wchar_t *_exec_prefix Py_DECREF(decoded); if (k >= 0) { rel_builddir_path[k] = L'\0'; - wcscpy(exec_prefix, argv0_path); + wcsncpy(exec_prefix, argv0_path, MAXPATHLEN); + exec_prefix[MAXPATHLEN] = L'\0'; joinpath(exec_prefix, rel_builddir_path); return -1; } @@ -442,6 +449,7 @@ search_for_exec_prefix(wchar_t *argv0_path, wchar_t *home, wchar_t *_exec_prefix /* Look at configure's EXEC_PREFIX */ wcsncpy(exec_prefix, _exec_prefix, MAXPATHLEN); + exec_prefix[MAXPATHLEN] = L'\0'; joinpath(exec_prefix, lib_python); joinpath(exec_prefix, L"lib-dynload"); if (isdir(exec_prefix)) |
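Review bot: The pair `wcsncpy(exec_prefix, argv0_path, MAXPATHLEN);` and `exec_prefix[MAXPATHLEN] = L'\0';` is written out by hand in the hunk at -399 and again at -420, and the search_for_prefix hunks repeat it for `prefix`, so a future call site can easily add the copy and forget the terminator. A small static helper would keep the two statements together and give the buffer-size requirement one place to be documented; the helper name below is a proposal, not an existing function. search_for_exec_prefix starts and ends outside the hunk.

```c
/* Copy src into a buffer of MAXPATHLEN+1 wchar_t, truncating if needed
   and always terminating. */
static void
copy_path_truncated(wchar_t *dst, const wchar_t *src)
{
    wcsncpy(dst, src, MAXPATHLEN);
    dst[MAXPATHLEN] = L'\0';
}

/* ... unchanged: comment about pybuilddir.txt ... */
    copy_path_truncated(exec_prefix, argv0_path);
    joinpath(exec_prefix, L"pybuilddir.txt");
```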