Kaydet (Commit) 71d305c8 authored tarafından Antoine Pitrou's avatar Antoine Pitrou

Merged revisions 81400 via svnmerge from

svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r81400 | antoine.pitrou | 2010-05-21 19:25:34 +0200 (ven., 21 mai 2010) | 12 lines

  Merged revisions 81398 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r81398 | antoine.pitrou | 2010-05-21 19:12:38 +0200 (ven., 21 mai 2010) | 6 lines

    Issue #5753: A new C API function, :cfunc:`PySys_SetArgvEx`, allows
    embedders of the interpreter to set sys.argv without also modifying
    sys.path.  This helps fix `CVE-2008-5983
    <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983>`_.
  ........
................
üst 06f018d5
...@@ -22,6 +22,7 @@ Initialization, Finalization, and Threads ...@@ -22,6 +22,7 @@ Initialization, Finalization, and Threads
module: sys module: sys
triple: module; search; path triple: module; search; path
single: PySys_SetArgv() single: PySys_SetArgv()
single: PySys_SetArgvEx()
single: Py_Finalize() single: Py_Finalize()
Initialize the Python interpreter. In an application embedding Python, this Initialize the Python interpreter. In an application embedding Python, this
...@@ -31,7 +32,7 @@ Initialization, Finalization, and Threads ...@@ -31,7 +32,7 @@ Initialization, Finalization, and Threads
the table of loaded modules (``sys.modules``), and creates the fundamental the table of loaded modules (``sys.modules``), and creates the fundamental
modules :mod:`builtins`, :mod:`__main__` and :mod:`sys`. It also initializes modules :mod:`builtins`, :mod:`__main__` and :mod:`sys`. It also initializes
the module search path (``sys.path``). It does not set ``sys.argv``; use the module search path (``sys.path``). It does not set ``sys.argv``; use
:cfunc:`PySys_SetArgv` for that. This is a no-op when called for a second time :cfunc:`PySys_SetArgvEx` for that. This is a no-op when called for a second time
(without calling :cfunc:`Py_Finalize` first). There is no return value; it is a (without calling :cfunc:`Py_Finalize` first). There is no return value; it is a
fatal error if the initialization fails. fatal error if the initialization fails.
...@@ -344,7 +345,7 @@ Initialization, Finalization, and Threads ...@@ -344,7 +345,7 @@ Initialization, Finalization, and Threads
``sys.version``. ``sys.version``.
.. cfunction:: void PySys_SetArgv(int argc, wchar_t **argv) .. cfunction:: void PySys_SetArgvEx(int argc, wchar_t **argv, int updatepath)
.. index:: .. index::
single: main() single: main()
...@@ -359,14 +360,41 @@ Initialization, Finalization, and Threads ...@@ -359,14 +360,41 @@ Initialization, Finalization, and Threads
string. If this function fails to initialize :data:`sys.argv`, a fatal string. If this function fails to initialize :data:`sys.argv`, a fatal
condition is signalled using :cfunc:`Py_FatalError`. condition is signalled using :cfunc:`Py_FatalError`.
This function also prepends the executed script's path to :data:`sys.path`. If *updatepath* is zero, this is all the function does. If *updatepath*
If no script is executed (in the case of calling ``python -c`` or just the is non-zero, the function also modifies :data:`sys.path` according to the
interactive interpreter), the empty string is used instead. following algorithm:
- If the name of an existing script is passed in ``argv[0]``, the absolute
path of the directory where the script is located is prepended to
:data:`sys.path`.
- Otherwise (that is, if *argc* is 0 or ``argv[0]`` doesn't point
to an existing file name), an empty string is prepended to
:data:`sys.path`, which is the same as prepending the current working
directory (``"."``).
.. note::
It is recommended that applications embedding the Python interpreter
for purposes other than executing a single script pass 0 as *updatepath*,
and update :data:`sys.path` themselves if desired.
See `CVE-2008-5983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983>`_.
On versions before 3.1.3, you can achieve the same effect by manually
popping the first :data:`sys.path` element after having called
:cfunc:`PySys_SetArgv`, for example using::
PyRun_SimpleString("import sys; sys.path.pop(0)\n");
.. versionadded:: 3.1.3
.. XXX impl. doesn't seem consistent in allowing 0/NULL for the params; .. XXX impl. doesn't seem consistent in allowing 0/NULL for the params;
check w/ Guido. check w/ Guido.
.. cfunction:: void PySys_SetArgv(int argc, wchar_t **argv)
This function works like :cfunc:`PySys_SetArgv` with *updatepath* set to 1.
.. cfunction:: void Py_SetPythonHome(wchar_t *home) .. cfunction:: void Py_SetPythonHome(wchar_t *home)
Set the default "home" directory, that is, the location of the standard Set the default "home" directory, that is, the location of the standard
......
...@@ -10,6 +10,7 @@ extern "C" { ...@@ -10,6 +10,7 @@ extern "C" {
PyAPI_FUNC(PyObject *) PySys_GetObject(const char *); PyAPI_FUNC(PyObject *) PySys_GetObject(const char *);
PyAPI_FUNC(int) PySys_SetObject(const char *, PyObject *); PyAPI_FUNC(int) PySys_SetObject(const char *, PyObject *);
PyAPI_FUNC(void) PySys_SetArgv(int, wchar_t **); PyAPI_FUNC(void) PySys_SetArgv(int, wchar_t **);
PyAPI_FUNC(void) PySys_SetArgvEx(int, wchar_t **, int);
PyAPI_FUNC(void) PySys_SetPath(const wchar_t *); PyAPI_FUNC(void) PySys_SetPath(const wchar_t *);
PyAPI_FUNC(void) PySys_WriteStdout(const char *format, ...) PyAPI_FUNC(void) PySys_WriteStdout(const char *format, ...)
......
...@@ -43,6 +43,14 @@ Core and Builtins ...@@ -43,6 +43,14 @@ Core and Builtins
- Issue #7072: isspace(0xa0) is true on Mac OS X - Issue #7072: isspace(0xa0) is true on Mac OS X
C-API
-----
- Issue #5753: A new C API function, :cfunc:`PySys_SetArgvEx`, allows
embedders of the interpreter to set sys.argv without also modifying
sys.path. This helps fix `CVE-2008-5983
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983>`_.
Library Library
------- -------
......
...@@ -1555,7 +1555,7 @@ _wrealpath(const wchar_t *path, wchar_t *resolved_path) ...@@ -1555,7 +1555,7 @@ _wrealpath(const wchar_t *path, wchar_t *resolved_path)
#endif #endif
void void
PySys_SetArgv(int argc, wchar_t **argv) PySys_SetArgvEx(int argc, wchar_t **argv, int updatepath)
{ {
#if defined(HAVE_REALPATH) #if defined(HAVE_REALPATH)
wchar_t fullpath[MAXPATHLEN]; wchar_t fullpath[MAXPATHLEN];
...@@ -1568,7 +1568,7 @@ PySys_SetArgv(int argc, wchar_t **argv) ...@@ -1568,7 +1568,7 @@ PySys_SetArgv(int argc, wchar_t **argv)
Py_FatalError("no mem for sys.argv"); Py_FatalError("no mem for sys.argv");
if (PySys_SetObject("argv", av) != 0) if (PySys_SetObject("argv", av) != 0)
Py_FatalError("can't assign sys.argv"); Py_FatalError("can't assign sys.argv");
if (path != NULL) { if (updatepath && path != NULL) {
wchar_t *argv0 = argv[0]; wchar_t *argv0 = argv[0];
wchar_t *p = NULL; wchar_t *p = NULL;
Py_ssize_t n = 0; Py_ssize_t n = 0;
...@@ -1655,6 +1655,12 @@ PySys_SetArgv(int argc, wchar_t **argv) ...@@ -1655,6 +1655,12 @@ PySys_SetArgv(int argc, wchar_t **argv)
Py_DECREF(av); Py_DECREF(av);
} }
void
PySys_SetArgv(int argc, wchar_t **argv)
{
PySys_SetArgvEx(argc, argv, 1);
}
/* Reimplementation of PyFile_WriteString() no calling indirectly /* Reimplementation of PyFile_WriteString() no calling indirectly
PyErr_CheckSignals(): avoid the call to PyObject_Str(). */ PyErr_CheckSignals(): avoid the call to PyObject_Str(). */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment