diff options
| author | Guido van Rossum <guido@python.org> | 1998-06-08 20:27:29 (GMT) |
|---|---|---|
| committer | Guido van Rossum <guido@python.org> | 1998-06-08 20:27:29 (GMT) |
| commit | a45cb45965e4afa035d5069d30a579898b79f1e3 (patch) | |
| tree | 828567d9275d2b66778fe500b1ed2d7781f001b8 /Python/marshal.c | |
| parent | a63eff6e6aac8325cb3542a2d678cfc69fa8597e (diff) | |
| download | cpython-a45cb45965e4afa035d5069d30a579898b79f1e3.zip cpython-a45cb45965e4afa035d5069d30a579898b79f1e3.tar.gz cpython-a45cb45965e4afa035d5069d30a579898b79f1e3.tar.bz2 | |
When unmarshalling, add test for negative lengths on strings, tuples
and lists; if the size is negative, raise an exception. Also raise an
exception when an undefined type is found -- all this to increase the
chance that garbage input causes an exception instead of a core dump.
Diffstat (limited to 'Python/marshal.c')
| -rw-r--r-- | Python/marshal.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/Python/marshal.c b/Python/marshal.c index 3664734..3d5f2e5 100644 --- a/Python/marshal.c +++ b/Python/marshal.c @@ -463,6 +463,10 @@ r_object(p) case TYPE_STRING: n = r_long(p); + if (n < 0) { + PyErr_SetString(PyExc_ValueError, "bad marshal data"); + return NULL; + } v = PyString_FromStringAndSize((char *)NULL, n); if (v != NULL) { if (r_string(PyString_AsString(v), (int)n, p) != n) { @@ -476,6 +480,10 @@ r_object(p) case TYPE_TUPLE: n = r_long(p); + if (n < 0) { + PyErr_SetString(PyExc_ValueError, "bad marshal data"); + return NULL; + } v = PyTuple_New((int)n); if (v == NULL) return v; @@ -492,6 +500,10 @@ r_object(p) case TYPE_LIST: n = r_long(p); + if (n < 0) { + PyErr_SetString(PyExc_ValueError, "bad marshal data"); + return NULL; + } v = PyList_New((int)n); if (v == NULL) return v; @@ -571,8 +583,8 @@ r_object(p) default: /* Bogus data got written, which isn't ideal. This will let you keep working and recover. */ - Py_INCREF(Py_None); - return Py_None; + PyErr_SetString(PyExc_ValueError, "bad marshal data"); + return NULL; } } |