mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-04 00:48:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

[security] bpo-13617: Reject embedded null characters in wchar* strings. (#2302)

Browse source 
Based on patch by Victor Stinner.

Add private C API function _PyUnicode_AsUnicode() which is similar to
PyUnicode_AsUnicode(), but checks for null characters.
This commit is contained in:
Serhiy Storchaka 2017-06-28 08:30:06 +03:00 committed by GitHub
parent 592eda1233
commit f7eae0adfc
22 changed files with 115 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Modules/_cursesmodule.c
View file

@ -341,9 +341,11 @@ static int
PyCurses_ConvertToString(PyCursesWindowObject *win, PyObject *obj,
PyObject **bytes, wchar_t **wstr)
{
char *str;
if (PyUnicode_Check(obj)) {
#ifdef HAVE_NCURSESW
assert (wstr != NULL);
*wstr = PyUnicode_AsWideCharString(obj, NULL);
if (*wstr == NULL)
return 0;
@ -353,12 +355,20 @@ PyCurses_ConvertToString(PyCursesWindowObject *win, PyObject *obj,
*bytes = PyUnicode_AsEncodedString(obj, win->encoding, NULL);
if (*bytes == NULL)
return 0;
/* check for embedded null bytes */
if (PyBytes_AsStringAndSize(*bytes, &str, NULL) < 0) {
return 0;
}
return 1;
#endif
}
else if (PyBytes_Check(obj)) {
Py_INCREF(obj);
*bytes = obj;
/* check for embedded null bytes */
if (PyBytes_AsStringAndSize(*bytes, &str, NULL) < 0) {
return 0;
}
return 1;
}