From 686ee4fd3db413b24c49e5a6331d3ba5fb5d9b05 Mon Sep 17 00:00:00 2001
From: Brian Curtin <brian.curtin@gmail.com>
Date: Sun, 1 Aug 2010 15:44:11 +0000
Subject: Merged revisions 83407 via svnmerge from
 svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r83407 | brian.curtin | 2010-08-01 10:26:26 -0500 (Sun, 01 Aug 2010) | 3 lines

  Fix #8105. Add validation to mmap.mmap so invalid file descriptors
  don't cause a crash on Windows.
........
---
 Lib/test/test_mmap.py | 12 +++++++++++-
 Misc/NEWS             |  2 ++
 Modules/mmapmodule.c  |  5 +++++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/Lib/test/test_mmap.py b/Lib/test/test_mmap.py
index eae4157..b3869a6 100644
--- a/Lib/test/test_mmap.py
+++ b/Lib/test/test_mmap.py
@@ -1,6 +1,6 @@
 from test.support import TESTFN, run_unittest, import_module
 import unittest
-import os, re, itertools
+import os, re, itertools, socket
 
 # Skip test if we can't import mmap.
 mmap = import_module('mmap')
@@ -586,6 +586,16 @@ class MmapTests(unittest.TestCase):
                 pass
             m.close()
 
+        def test_invalid_descriptor(self):
+            # socket file descriptors are valid, but out of range
+            # for _get_osfhandle, causing a crash when validating the
+            # parameters to _get_osfhandle.
+            s = socket.socket()
+            try:
+                with self.assertRaises(mmap.error):
+                    m = mmap.mmap(s.fileno(), 10)
+            finally:
+                s.close()
 
 def test_main():
     run_unittest(MmapTests)
diff --git a/Misc/NEWS b/Misc/NEWS
index 96abd0d..7cf087b 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -332,6 +332,8 @@ Library
 Extension Modules
 -----------------
 
+- Issue #8105: Validate file descriptor passed to mmap.mmap on Windows.
+
 - Issue #9422: Fix memory leak when re-initializing a struct.Struct object.
 
 - Issue #7900: The getgroups(2) system call on MacOSX behaves rather oddly
diff --git a/Modules/mmapmodule.c b/Modules/mmapmodule.c
index 9714ddf..b170b38 100644
--- a/Modules/mmapmodule.c
+++ b/Modules/mmapmodule.c
@@ -1203,6 +1203,11 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
                      1);
      */
     if (fileno != -1 && fileno != 0) {
+        /* Ensure that fileno is within the CRT's valid range */
+        if (_PyVerify_fd(fileno) == 0) {
+            PyErr_SetFromErrno(mmap_module_error);
+            return NULL;
+        }
         fh = (HANDLE)_get_osfhandle(fileno);
         if (fh==(HANDLE)-1) {
             PyErr_SetFromErrno(mmap_module_error);
-- 
cgit v0.12