summaryrefslogtreecommitdiffstats
path: root/Python
diff options
context:
space:
mode:
authorGuido van Rossum <guido@python.org>1998-06-08 20:27:29 (GMT)
committerGuido van Rossum <guido@python.org>1998-06-08 20:27:29 (GMT)
commita45cb45965e4afa035d5069d30a579898b79f1e3 (patch)
tree828567d9275d2b66778fe500b1ed2d7781f001b8 /Python
parenta63eff6e6aac8325cb3542a2d678cfc69fa8597e (diff)
downloadcpython-a45cb45965e4afa035d5069d30a579898b79f1e3.zip
cpython-a45cb45965e4afa035d5069d30a579898b79f1e3.tar.gz
cpython-a45cb45965e4afa035d5069d30a579898b79f1e3.tar.bz2
When unmarshalling, add test for negative lengths on strings, tuples
and lists; if the size is negative, raise an exception. Also raise an exception when an undefined type is found -- all this to increase the chance that garbage input causes an exception instead of a core dump.
Diffstat (limited to 'Python')
-rw-r--r--Python/marshal.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/Python/marshal.c b/Python/marshal.c
index 3664734..3d5f2e5 100644
--- a/Python/marshal.c
+++ b/Python/marshal.c
@@ -463,6 +463,10 @@ r_object(p)
case TYPE_STRING:
n = r_long(p);
+ if (n < 0) {
+ PyErr_SetString(PyExc_ValueError, "bad marshal data");
+ return NULL;
+ }
v = PyString_FromStringAndSize((char *)NULL, n);
if (v != NULL) {
if (r_string(PyString_AsString(v), (int)n, p) != n) {
@@ -476,6 +480,10 @@ r_object(p)
case TYPE_TUPLE:
n = r_long(p);
+ if (n < 0) {
+ PyErr_SetString(PyExc_ValueError, "bad marshal data");
+ return NULL;
+ }
v = PyTuple_New((int)n);
if (v == NULL)
return v;
@@ -492,6 +500,10 @@ r_object(p)
case TYPE_LIST:
n = r_long(p);
+ if (n < 0) {
+ PyErr_SetString(PyExc_ValueError, "bad marshal data");
+ return NULL;
+ }
v = PyList_New((int)n);
if (v == NULL)
return v;
@@ -571,8 +583,8 @@ r_object(p)
default:
/* Bogus data got written, which isn't ideal.
This will let you keep working and recover. */
- Py_INCREF(Py_None);
- return Py_None;
+ PyErr_SetString(PyExc_ValueError, "bad marshal data");
+ return NULL;
}
}