Skip to content

Commit

Permalink
Issue #28522: Fixes mishandled buffer reallocation in getpathp.c
Browse files Browse the repository at this point in the history
  • Loading branch information
@zooba
zooba committed Oct 27, 2016
2 parents a820890 + 833d73c commit e879f56
Show file tree
Hide file tree
Showing 3 changed files with 69 additions and 4 deletions.
52 changes: 52 additions & 0 deletions Lib/test/test_site.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -488,6 +488,58 @@ def test_startup_interactivehook_isolated_explicit(self):
'import site, sys; site.enablerlcompleter(); sys.exit(hasattr(sys, "__interactivehook__"))']).wait()
self.assertTrue(r, "'__interactivehook__' not added by enablerlcompleter()")

@unittest.skipUnless(sys.platform == 'win32', "only supported on Windows")
def test_underpth_nosite_file(self):
_pth_file = os.path.splitext(sys.executable)[0] + '._pth'
try:
libpath = os.path.dirname(os.path.dirname(encodings.__file__))
with open(_pth_file, 'w') as f:
print('fake-path-name', file=f)
# Ensure the generated path is very long so that buffer
# resizing in getpathp.c is exercised
for _ in range(200):
print(libpath, file=f)
print('# comment', file=f)

env = os.environ.copy()
env['PYTHONPATH'] = 'from-env'
rc = subprocess.call([sys.executable, '-c',
'import sys; sys.exit(sys.flags.no_site and '
'len(sys.path) > 200 and '
'%r in sys.path and %r in sys.path and %r not in sys.path)' % (
os.path.join(sys.prefix, 'fake-path-name'),
libpath,
os.path.join(sys.prefix, 'from-env'),
)], env=env)
self.assertEqual(rc, 0)
finally:
os.unlink(_pth_file)

@unittest.skipUnless(sys.platform == 'win32', "only supported on Windows")
def test_underpth_file(self):
_pth_file = os.path.splitext(sys.executable)[0] + '._pth'
try:
libpath = os.path.dirname(os.path.dirname(encodings.__file__))
with open(_pth_file, 'w') as f:
print('fake-path-name', file=f)
for _ in range(200):
print(libpath, file=f)
print('# comment', file=f)
print('import site', file=f)

env = os.environ.copy()
env['PYTHONPATH'] = 'from-env'
rc = subprocess.call([sys.executable, '-c',
'import sys; sys.exit(not sys.flags.no_site and '
'%r in sys.path and %r in sys.path and %r not in sys.path)' % (
os.path.join(sys.prefix, 'fake-path-name'),
libpath,
os.path.join(sys.prefix, 'from-env'),
)], env=env)
self.assertEqual(rc, 0)
finally:
os.unlink(_pth_file)


if __name__ == "__main__":
unittest.main()
2 changes: 2 additions & 0 deletions Misc/NEWS
View file
Original file line number Diff line number Diff line change
Expand Up @@ -321,6 +321,8 @@ Library
Windows
-------

- Issue #28522: Fixes mishandled buffer reallocation in getpathp.c

- Issue #28402: Adds signed catalog files for stdlib on Windows.

- Issue #28333: Enables Unicode for ps1/ps2 and input() prompts. (Patch by
Expand Down
19 changes: 15 additions & 4 deletions PC/getpathp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -581,7 +581,8 @@ read_pth_file(const wchar_t *path, wchar_t *prefix, int *isolated, int *nosite)
wn = MultiByteToWideChar(CP_UTF8, 0, line, -1, wline, wn + 1);
wline[wn] = '\0';

while (wn + prefixlen + 4 > bufsiz) {
size_t usedsiz = wcslen(buf);
while (usedsiz + wn + prefixlen + 4 > bufsiz) {
bufsiz += MAXPATHLEN;
buf = (wchar_t*)PyMem_RawRealloc(buf, (bufsiz + 1) * sizeof(wchar_t));
if (!buf) {
Expand All @@ -590,11 +591,21 @@ read_pth_file(const wchar_t *path, wchar_t *prefix, int *isolated, int *nosite)
}
}

if (buf[0])
if (usedsiz) {
wcscat_s(buf, bufsiz, L";");
usedsiz += 1;
}

wchar_t *b = &buf[wcslen(buf)];
wcscat_s(buf, bufsiz, prefix);
errno_t result;
_Py_BEGIN_SUPPRESS_IPH
result = wcscat_s(buf, bufsiz, prefix);
_Py_END_SUPPRESS_IPH
if (result == EINVAL) {
Py_FatalError("invalid argument during ._pth processing");
} else if (result == ERANGE) {
Py_FatalError("buffer overflow during ._pth processing");
}
wchar_t *b = &buf[usedsiz];
join(b, wline);

PyMem_RawFree(wline);
Expand Down

0 comments on commit e879f56

Please sign in to comment.