* Python/traceback.c: security fix -- check for buffer oveflow

before concatenating sys.path item and module name

* Python/traceback.c: security fix -- check for buffer oveflow
before concatenating sys.path item and module name
bfd5d755 · Guido van Rossum · 03093a24 · bfd5d755
Kaydet (Commit) bfd5d755 authored Eyl 29, 1994 tarafından Guido van Rossum
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

traceback.c Python/traceback.c +6 -1

No files found.
--- a/Python/traceback.c
+++ b/Python/traceback.c
@@ -178,13 +178,18 @@ tb_displayline(f, filename, lineno, name)
 		path = sysget("path");
 		if (path != NULL && is_listobject(path)) {
 			int npath = getlistsize(path);
+			int taillen = strlen(tail);
 			char namebuf[MAXPATHLEN+1];
 			for (i = 0; i < npath; i++) {
 				object *v = getlistitem(path, i);
 				if (is_stringobject(v)) {
 					int len;
-					strcpy(namebuf, getstringvalue(v));
 					len = getstringsize(v);
+					if (len + 1 + taillen >= MAXPATHLEN)
+						continue; /* Too long */
+					strcpy(namebuf, getstringvalue(v));
+					if (strlen(namebuf) != len)
+						continue; /* v contains '\0' */
 					if (len > 0 && namebuf[len-1] != SEP)
 						namebuf[len++] = SEP;
 					strcpy(namebuf+len, tail);