bpo-30730: Prevent environment variables injection in subprocess on Windows. (#2325)

Prevent passing other invalid environment variables and command arguments.
author: Serhiy Storchaka <storchaka@gmail.com> 2017-06-23 16:39:27 (GMT)
committer: GitHub <noreply@github.com> 2017-06-23 16:39:27 (GMT)
commit: d174d24a5d37d1516b885dc7c82f71ecd5930700 (patch)
tree: d9fd67e5993b32d8b80c58099dd4a6aa0672722b /Objects/abstract.c
parent: d352d689775699c289e011e8cec52c23c600b7fa (diff)
download: cpython-d174d24a5d37d1516b885dc7c82f71ecd5930700.zip
cpython-d174d24a5d37d1516b885dc7c82f71ecd5930700.tar.gz
cpython-d174d24a5d37d1516b885dc7c82f71ecd5930700.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/Objects/abstract.c b/Objects/abstract.c
index 0f1ee9d..cb026c0 100644
--- a/Objects/abstract.c
+++ b/Objects/abstract.c
@@ -2558,8 +2558,8 @@ _PySequence_BytesToCharpArray(PyObject* self)
             array[i] = NULL;
             goto fail;
         }
-        data = PyBytes_AsString(item);
-        if (data == NULL) {
+        /* check for embedded null bytes */
+        if (PyBytes_AsStringAndSize(item, &data, NULL) < 0) {
             /* NULL terminate before freeing. */
             array[i] = NULL;
             goto fail;
author	Serhiy Storchaka <storchaka@gmail.com>	2017-06-23 16:39:27 (GMT)
committer	GitHub <noreply@github.com>	2017-06-23 16:39:27 (GMT)
commit	d174d24a5d37d1516b885dc7c82f71ecd5930700 (patch)
tree	d9fd67e5993b32d8b80c58099dd4a6aa0672722b /Objects/abstract.c
parent	d352d689775699c289e011e8cec52c23c600b7fa (diff)
download	cpython-d174d24a5d37d1516b885dc7c82f71ecd5930700.zip cpython-d174d24a5d37d1516b885dc7c82f71ecd5930700.tar.gz cpython-d174d24a5d37d1516b885dc7c82f71ecd5930700.tar.bz2