author | Steve Dower <steve.dower@microsoft.com> | 2018-03-08 22:50:30 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-03-08 22:50:30 (GMT) |
commit | 32efcd13069a89abf007373274ee1bc0909d1996 (patch) | |
tree | dae581e42711b12dec5b1340294656e738b47233 /Modules/posixmodule.c | |
parent | 2f3ba27185a369bcb6b36b13aa3518ffcc970ffa (diff) | |
bpo-33016: Fix potential use of uninitialized memory in nt._getfinalpathname (GH-6032)
Diffstat (limited to 'Modules/posixmodule.c')
-rw-r--r-- | Modules/posixmodule.c | 54 |
1 files changed, 32 insertions, 22 deletions
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index 39ba030..9c05acb 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -306,12 +306,6 @@ extern int lstat(const char *, struct stat *);
 #ifdef HAVE_PROCESS_H
 #include <process.h>
 #endif
-#ifndef VOLUME_NAME_DOS
-#define VOLUME_NAME_DOS 0x0
-#endif
-#ifndef VOLUME_NAME_NT
-#define VOLUME_NAME_NT 0x2
-#endif
 #ifndef IO_REPARSE_TAG_SYMLINK
 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
 #endif
@@ -3672,8 +3666,8 @@ os__getfinalpathname_impl(PyObject *module, PyObject *path)
 /*[clinic end generated code: output=9bd78d0e52782e75 input=71d5e89334891bf4]*/
 {
 HANDLE hFile;
- int buf_size;
- wchar_t *target_path;
+ wchar_t buf[MAXPATHLEN], *target_path = buf;
+ int buf_size = Py_ARRAY_LENGTH(buf);
 int result_length;
 PyObject *result;
 const wchar_t *path_wchar;
@@ -3682,6 +3676,7 @@ os__getfinalpathname_impl(PyObject *module, PyObject *path)
 if (path_wchar == NULL)
 return NULL;
+ Py_BEGIN_ALLOW_THREADS
 hFile = CreateFileW(
 path_wchar,
 0, /* desired access */
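Review bot: The combined declaration `wchar_t buf[MAXPATHLEN], *target_path = buf;` buries the invariant that the later `target_path != buf` checks depend on, namely that `target_path` points at the stack array until a larger heap buffer replaces it. I would declare the two separately and comment the pointer, for example `wchar_t *target_path = buf;  /* stack buffer until a longer path forces a heap allocation */`. This applies to the `@@ -3672,8 +3666,8 @@` hunk; the function body continues outside it.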
@@ -3691,32 +3686,47 @@ os__getfinalpathname_impl(PyObject *module, PyObject *path)
 /* FILE_FLAG_BACKUP_SEMANTICS is required to open a directory */
 FILE_FLAG_BACKUP_SEMANTICS,
 NULL);
+ Py_END_ALLOW_THREADS
 if(hFile == INVALID_HANDLE_VALUE)
 return win32_error_object("CreateFileW", path);
 /* We have a good handle to the target, use it to determine the target path name. */
- buf_size = GetFinalPathNameByHandleW(hFile, 0, 0, VOLUME_NAME_NT);
+ while (1) {
+ Py_BEGIN_ALLOW_THREADS
+ result_length = GetFinalPathNameByHandleW(hFile, target_path,
+ buf_size, VOLUME_NAME_DOS);
+ Py_END_ALLOW_THREADS
- if(!buf_size)
- return win32_error_object("GetFinalPathNameByHandle", path);
+ if (!result_length) {
+ result = win32_error_object("GetFinalPathNameByHandleW", path);
+ goto cleanup;
+ }
- target_path = PyMem_New(wchar_t, buf_size+1);
- if(!target_path)
- return PyErr_NoMemory();
+ if (result_length < buf_size) {
+ break;
+ }
- result_length = GetFinalPathNameByHandleW(hFile, target_path,
- buf_size, VOLUME_NAME_DOS);
- if(!result_length)
- return win32_error_object("GetFinalPathNamyByHandle", path);
+ wchar_t *tmp;
+ tmp = PyMem_Realloc(target_path != buf ? target_path : NULL,
+ result_length * sizeof(*tmp));
+ if (!tmp) {
+ result = PyErr_NoMemory();
+ goto cleanup;
+ }
- if(!CloseHandle(hFile))
- return win32_error_object("CloseHandle", path);
+ buf_size = result_length;
+ target_path = tmp;
+ }
- target_path[result_length] = 0;
 result = PyUnicode_FromWideChar(target_path, result_length);
- PyMem_Free(target_path);
+
+cleanup:
+ if (target_path != buf) {
+ PyMem_Free(target_path);
+ }
+ CloseHandle(hFile);
 return result;
 } |
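Review bot: The retry loop relies on GetFinalPathNameByHandleW's return value meaning two different things, and nothing near the `if (result_length < buf_size)` test says so. On success it is the length without the terminating NUL; when the buffer is too small it is the required size including the NUL, which is why growing to exactly `result_length` elements is enough and why no explicit terminator write is needed. I would add above the test: `/* success: length without the NUL; too small: required size including the NUL */`. The `cleanup:` block also drops the result of `CloseHandle(hFile)`, which the removed code turned into an exception, so a short comment saying that is deliberate would help. The function begins outside this hunk.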