* Python/traceback.c: security fix -- check for buffer overflow
before concatenating sys.path item and module name
parent
03093a248d
commit
bfd5d755a0
1 changed files with 6 additions and 1 deletions
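--- a/Python/traceback.c
+++ b/Python/traceback.c
@@ -178,13 +178,18 @@ tb_displayline(f, filename, lineno, name)
 path = sysget("path");
 if (path != NULL && is_listobject(path)) {
 int npath = getlistsize(path);
+int taillen = strlen(tail);
 char namebuf[MAXPATHLEN+1];
 for (i = 0; i < npath; i++) {
 object *v = getlistitem(path, i);
 if (is_stringobject(v)) {
 int len;
-strcpy(namebuf, getstringvalue(v));
 len = getstringsize(v);
+if (len + 1 + taillen >= MAXPATHLEN)
+continue; /* Too long */
+strcpy(namebuf, getstringvalue(v));
+if (strlen(namebuf) != len)
+continue; /* v contains '\0' */
 if (len > 0 && namebuf[len-1] != SEP)
 namebuf[len++] = SEP;
 strcpy(namebuf+len, tail);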
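Review bot: The new guard `if (len + 1 + taillen >= MAXPATHLEN)` does its arithmetic in signed `int`, with `taillen` narrowed from the `size_t` that `strlen(tail)` returns, so for very large lengths the sum could in principle wrap and leave both `strcpy` calls into `namebuf` unbounded. Keeping the tail length unsigned and comparing by subtraction avoids that: `size_t taillen = strlen(tail);` and `if (taillen >= MAXPATHLEN || (size_t)len >= MAXPATHLEN - 1 - taillen) continue; /* Too long */`. The embedded-NUL test also compares `size_t` with `int` and reads more safely as `if (strlen(namebuf) != (size_t)len)`. `tail` is assigned outside the hunk, and tb_displayline starts and ends outside it, so whether `tail` can be NULL at the `strlen` call cannot be confirmed from the visible lines.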