diff options
| author | Christian Heimes <christian@cheimes.de> | 2013-07-22 10:54:21 (GMT) |
|---|---|---|
| committer | Christian Heimes <christian@cheimes.de> | 2013-07-22 10:54:21 (GMT) |
| commit | de0e63bd9cf3f4f4833664988d2ec03b75c0d5a1 (patch) | |
| tree | b25ddeb8f01b1bd3003ab5d8464d7bd51fff57c6 /Python/sysmodule.c | |
| parent | 7fca717815610b4180b72566428c13e07c7def6b (diff) | |
| parent | 60a60677093e2792439c9e34debe6d55feead63f (diff) | |
| download | cpython-de0e63bd9cf3f4f4833664988d2ec03b75c0d5a1.zip cpython-de0e63bd9cf3f4f4833664988d2ec03b75c0d5a1.tar.gz cpython-de0e63bd9cf3f4f4833664988d2ec03b75c0d5a1.tar.bz2 | |
Issue #15905: Fix theoretical buffer overflow in handling of sys.argv[0],
prefix and exec_prefix if the operation system does not obey MAXPATHLEN.
Diffstat (limited to 'Python/sysmodule.c')
| -rw-r--r-- | Python/sysmodule.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/Python/sysmodule.c b/Python/sysmodule.c index 2680e6b..e14de49 100644 --- a/Python/sysmodule.c +++ b/Python/sysmodule.c @@ -1854,10 +1854,11 @@ sys_update_path(int argc, wchar_t **argv) if (q == NULL) argv0 = link; /* argv0 without path */ else { - /* Must make a copy */ - wcscpy(argv0copy, argv0); + /* Must make a copy, argv0copy has room for 2 * MAXPATHLEN */ + wcsncpy(argv0copy, argv0, MAXPATHLEN); q = wcsrchr(argv0copy, SEP); - wcscpy(q+1, link); + wcsncpy(q+1, link, MAXPATHLEN); + q[MAXPATHLEN + 1] = L'\0'; argv0 = argv0copy; } } |