author | Serhiy Storchaka <storchaka@gmail.com> | 2017-06-28 05:30:06 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-06-28 05:30:06 (GMT) |
commit | f7eae0adfcd4c50034281b2c69f461b43b68db84 (patch) | |
tree | 02d6a582fd81f615e71c55365f1b37a774fc0a4e /Modules/posixmodule.c | |
parent | 592eda123329bb5ce2bffcbe3701be6b909f1b2a (diff) | |
[security] bpo-13617: Reject embedded null characters in wchar* strings. (#2302)
Based on patch by Victor Stinner.
Add private C API function _PyUnicode_AsUnicode() which is similar to
PyUnicode_AsUnicode(), but checks for null characters.
Diffstat (limited to 'Modules/posixmodule.c')
-rw-r--r-- | Modules/posixmodule.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c index 1c75eae..194a2b5 100644 --- a/Modules/posixmodule.c +++ b/Modules/posixmodule.c @@ -3757,7 +3757,7 @@ os__getfinalpathname_impl(PyObject *module, PyObject *path) PyObject *result; const wchar_t *path_wchar; - path_wchar = PyUnicode_AsUnicode(path); + path_wchar = _PyUnicode_AsUnicode(path); if (path_wchar == NULL) return NULL; @@ -7209,7 +7209,7 @@ win_readlink(PyObject *self, PyObject *args, PyObject *kwargs) )) return NULL; - path = PyUnicode_AsUnicode(po); + path = _PyUnicode_AsUnicode(po); if (path == NULL) return NULL; @@ -9002,6 +9002,7 @@ os_putenv_impl(PyObject *module, PyObject *name, PyObject *value) /*[clinic end generated code: output=d29a567d6b2327d2 input=ba586581c2e6105f]*/ { const wchar_t *env; + Py_ssize_t size; /* Search from index 1 because on Windows starting '=' is allowed for defining hidden environment variables. */ @@ -9015,16 +9016,21 @@ os_putenv_impl(PyObject *module, PyObject *name, PyObject *value) if (unicode == NULL) { return NULL; } - if (_MAX_ENV < PyUnicode_GET_LENGTH(unicode)) { + + env = PyUnicode_AsUnicodeAndSize(unicode, &size); + if (env == NULL) + goto error; + if (size > _MAX_ENV) { PyErr_Format(PyExc_ValueError, "the environment variable is longer than %u characters", _MAX_ENV); goto error; } - - env = PyUnicode_AsUnicode(unicode); - if (env == NULL) + if (wcslen(env) != (size_t)size) { + PyErr_SetString(PyExc_ValueError, "embedded null character"); goto error; + } + if (_wputenv(env)) { posix_error(); goto error; |
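Review bot: The new call `path_wchar = _PyUnicode_AsUnicode(path);` in os__getfinalpathname_impl differs from the one it replaces by a single leading underscore, and nothing at the call site records that the null-character check is the reason for it. A short comment above the call, such as `/* _PyUnicode_AsUnicode() rejects embedded null characters */`, would keep a later cleanup from switching back to the public function. The same applies to `path = _PyUnicode_AsUnicode(po);` in the win_readlink hunk. Both functions start and end outside their hunks, so how the returned pointer is consumed is not visible here.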
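Review bot: The open-coded `wcslen(env) != (size_t)size` check in the last os_putenv_impl hunk repeats what the commit message says `_PyUnicode_AsUnicode()` does, and the hunk does not say why the helper is not used; presumably it is because `size` is also needed for the `_MAX_ENV` comparison. A comment above the check would record that, for example `/* Checked by hand because the length is needed above; _wputenv() takes a null-terminated string, so an embedded null would cut the value short */`. Separately, the limit is now compared with the length returned by `PyUnicode_AsUnicodeAndSize` instead of `PyUnicode_GET_LENGTH`, so if the two can differ for the same string, the word "characters" in the error message is no longer exact. The function starts and ends outside the hunk.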