summaryrefslogtreecommitdiffstats
path: root/PC/WinMain.c
diff options
context:
space:
mode:
authorTim Peters <tim.peters@gmail.com>2004-08-07 19:12:27 (GMT)
committerTim Peters <tim.peters@gmail.com>2004-08-07 19:12:27 (GMT)
commit8484fbf0f6cd2bc5fd5a5cd4d04797734e9121fc (patch)
treed0fe7578aec34894ee003b4d873c6bcb6735ad34 /PC/WinMain.c
parent59a27f1d6e12aeb0fa4dc8b24bfbbf3113d2a976 (diff)
downloadcpython-8484fbf0f6cd2bc5fd5a5cd4d04797734e9121fc.zip
cpython-8484fbf0f6cd2bc5fd5a5cd4d04797734e9121fc.tar.gz
cpython-8484fbf0f6cd2bc5fd5a5cd4d04797734e9121fc.tar.bz2
SF bug 1003471: Python 1.5.2 security vulnerability
This was probably fixed in rev 1.32 of getpath.c, but there are so many paths thru the code that invoke joinpath() it's not at all obvious that it *is* fixed. It doesn't help confidence that a crucial precondition for calling joinpath() was neither documented nor verified. It is now, and joinpath() will barf with a fatal error now rather than overrun the buffer, if the precondition isn't met. Note that this patch only changes the Windows flavor. I attached another patch to the bug report for the POSIX flavor (which I can't test conveniently).
Diffstat (limited to 'PC/WinMain.c')
0 files changed, 0 insertions, 0 deletions