Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

* Python/traceback.c: security fix -- check for buffer oveflow 

before concatenating sys.path item and module name
This commit is contained in:
Guido van Rossum 1994-09-29 09:38:04 +00:00
parent 03093a248d
commit bfd5d755a0
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Python/traceback.c
View File

@ -178,13 +178,18 @@ tb_displayline(f, filename, lineno, name)
path = sysget("path");
if (path != NULL && is_listobject(path)) {
int npath = getlistsize(path);
int taillen = strlen(tail);
char namebuf[MAXPATHLEN+1];
for (i = 0; i < npath; i++) {
object *v = getlistitem(path, i);
if (is_stringobject(v)) {
int len;
strcpy(namebuf, getstringvalue(v));
len = getstringsize(v);
if (len + 1 + taillen >= MAXPATHLEN)
continue; /* Too long */
strcpy(namebuf, getstringvalue(v));
if (strlen(namebuf) != len)
continue; /* v contains '\0' */
if (len > 0 && namebuf[len-1] != SEP)
namebuf[len++] = SEP;
strcpy(namebuf+len, tail);