Issue #15905: Fix theoretical buffer overflow in handling of sys.argv[0],

prefix and exec_prefix if the operation system does not obey MAXPATHLEN.
author: Christian Heimes <christian@cheimes.de> 2013-07-22 10:53:32 (GMT)
committer: Christian Heimes <christian@cheimes.de> 2013-07-22 10:53:32 (GMT)
commit: 60a60677093e2792439c9e34debe6d55feead63f (patch)
tree: 89fc77fe5cdf82f498c990466ec0a69efa789d26 /Python
parent: 37c916dd18df3442a4d8f79d14f5f23ba87e3fe5 (diff)
download: cpython-60a60677093e2792439c9e34debe6d55feead63f.zip
cpython-60a60677093e2792439c9e34debe6d55feead63f.tar.gz
cpython-60a60677093e2792439c9e34debe6d55feead63f.tar.bz2
1 files changed, 4 insertions, 3 deletions
diff --git a/Python/sysmodule.c b/Python/sysmodule.c
index 20bfa55..edd6649 100644
--- a/Python/sysmodule.c
+++ b/Python/sysmodule.c
@@ -1856,10 +1856,11 @@ sys_update_path(int argc, wchar_t **argv)
             if (q == NULL)
                 argv0 = link; /* argv0 without path */
             else {
-                /* Must make a copy */
-                wcscpy(argv0copy, argv0);
+                /* Must make a copy, argv0copy has room for 2 * MAXPATHLEN */
+                wcsncpy(argv0copy, argv0, MAXPATHLEN);
                 q = wcsrchr(argv0copy, SEP);
-                wcscpy(q+1, link);
+                wcsncpy(q+1, link, MAXPATHLEN);
+                q[MAXPATHLEN + 1] = L'\0';
                 argv0 = argv0copy;
             }
         }
author	Christian Heimes <christian@cheimes.de>	2013-07-22 10:53:32 (GMT)
committer	Christian Heimes <christian@cheimes.de>	2013-07-22 10:53:32 (GMT)
commit	60a60677093e2792439c9e34debe6d55feead63f (patch)
tree	89fc77fe5cdf82f498c990466ec0a69efa789d26 /Python
parent	37c916dd18df3442a4d8f79d14f5f23ba87e3fe5 (diff)
download	cpython-60a60677093e2792439c9e34debe6d55feead63f.zip cpython-60a60677093e2792439c9e34debe6d55feead63f.tar.gz cpython-60a60677093e2792439c9e34debe6d55feead63f.tar.bz2