From bfd5d755a0edd12a8249fd690fd93b090829bf6c Mon Sep 17 00:00:00 2001
From: Guido van Rossum
Date: Thu, 29 Sep 1994 09:38:04 +0000
Subject: * Python/traceback.c: security fix -- check for buffer oveflow before concatenating sys.path item and module name
---
 Python/traceback.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Python/traceback.c b/Python/traceback.c
index ea8fa7d..1db9c94 100644
--- a/Python/traceback.c
+++ b/Python/traceback.c
@@ -178,13 +178,18 @@ tb_displayline(f, filename, lineno, name)
 path = sysget("path");
 if (path != NULL && is_listobject(path)) {
 int npath = getlistsize(path);
+ int taillen = strlen(tail);
 char namebuf[MAXPATHLEN+1];
 for (i = 0; i < npath; i++) {
 object *v = getlistitem(path, i);
 if (is_stringobject(v)) {
 int len;
- strcpy(namebuf, getstringvalue(v));
 len = getstringsize(v);
+ if (len + 1 + taillen >= MAXPATHLEN)
+ continue; /* Too long */
+ strcpy(namebuf, getstringvalue(v));
+ if (strlen(namebuf) != len)
+ continue; /* v contains '\0' */
 if (len > 0 && namebuf[len-1] != SEP)
 namebuf[len++] = SEP;
 strcpy(namebuf+len, tail);
--
cgit v0.12
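Review bot: `taillen` is declared `int` and the bound `len + 1 + taillen >= MAXPATHLEN` is evaluated in signed arithmetic, so the guard protecting both `strcpy` calls into `namebuf` is only sound if `strlen(tail)` fits in an `int`. Where `tail` comes from is outside the hunk, so it may be bounded in practice, but nothing visible here enforces that. Keeping the length unsigned removes the narrowing and the possible overflow: `size_t taillen = strlen(tail);` and `if ((size_t)len + 1 + taillen >= MAXPATHLEN)`. The comment could also say what the `1` is for, e.g. `/* Too long: item + SEP + tail must fit in namebuf */`, since the separator is only appended two lines later. The body of `tb_displayline` starts and ends outside the hunk.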