| author | Guido van Rossum <guido@python.org> | 1994-09-29 09:38:04 +0000 | 
|---|---|---|
| committer | Guido van Rossum <guido@python.org> | 1994-09-29 09:38:04 +0000 | 
| commit | bfd5d755a0edd12a8249fd690fd93b090829bf6c (patch) | |
| tree | ec032bb9f7f2404a7de2e0c50205f9df02a16f10 /Python/traceback.c | |
| parent | 03093a248d4ef3af23a5906dea276c01e0c1ae2c (diff) | |
| download | cpython-git-bfd5d755a0edd12a8249fd690fd93b090829bf6c.tar.gz | |
	* Python/traceback.c: security fix -- check for buffer overflow
	before concatenating sys.path item and module name
Diffstat (limited to 'Python/traceback.c')
| -rw-r--r-- | Python/traceback.c | 7 | 
1 files changed, 6 insertions, 1 deletions
|
diff --git a/Python/traceback.c b/Python/traceback.c
index ea8fa7d68b..1db9c941cc 100644
--- a/Python/traceback.c
+++ b/Python/traceback.c
@@ -178,13 +178,18 @@ tb_displayline(f, filename, lineno, name)
 		path = sysget("path");
 		if (path != NULL && is_listobject(path)) {
 			int npath = getlistsize(path);
+			int taillen = strlen(tail);
 			char namebuf[MAXPATHLEN+1];
 			for (i = 0; i < npath; i++) {
 				object *v = getlistitem(path, i);
 				if (is_stringobject(v)) {
 					int len;
-					strcpy(namebuf, getstringvalue(v));
 					len = getstringsize(v);
+					if (len + 1 + taillen >= MAXPATHLEN)
+						continue; /* Too long */
+					strcpy(namebuf, getstringvalue(v));
+					if (strlen(namebuf) != len)
+						continue; /* v contains '\0' */
 					if (len > 0 && namebuf[len-1] != SEP)
 						namebuf[len++] = SEP;
 					strcpy(namebuf+len, tail);
|
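Review bot: The new guard `len + 1 + taillen >= MAXPATHLEN` is evaluated in signed `int`, and `taillen` is narrowed from `strlen(tail)`, so the bound only holds while both lengths stay well below INT_MAX; `tail` is assigned outside this hunk, so whether it is already bounded cannot be confirmed from here. Skipping the sys.path search entirely when `taillen >= MAXPATHLEN` and then comparing by subtraction, `if (len >= MAXPATHLEN - 1 - taillen) continue;`, keeps the arithmetic in range for any string size. The `/* Too long */` comment could also say that the `+ 1` reserves room for the SEP that may be appended two lines below, since that is what makes the later `strcpy(namebuf+len, tail)` safe. tb_displayline's body starts and ends outside the hunk.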
