Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

Fixes for possible buffer overflows in sprintf() usages.

This commit is contained in:
Marc-André Lemburg 2001-11-28 11:47:00 +00:00
parent 5107b4cf5f
commit d4c0a9c59b
8 changed files with 17 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Modules/_testcapimodule.c
View File

@ -36,7 +36,7 @@ sizeof_error(const char* fatname, const char* typename,
int expected, int got)
{
char buf[1024];
sprintf(buf, "%s #define == %d but sizeof(%s) == %d",
sprintf(buf, "%.200s #define == %d but sizeof(%.200s) == %d",
fatname, expected, typename, got);
PyErr_SetString(TestError, buf);
return (PyObject*)NULL;

2
Modules/posixmodule.c
View File

@ -5787,7 +5787,7 @@ static int insertvalues(PyObject *d)
APIRET rc;
ULONG values[QSV_MAX+1];
PyObject *v;
char *ver, tmp[10];
char *ver, tmp[50];
Py_BEGIN_ALLOW_THREADS
rc = DosQuerySysInfo(1, QSV_MAX, &values[1], sizeof(values));

4
Modules/readline.c
View File

@ -165,7 +165,7 @@ set_hook(const char * funcname, PyObject **hook_var, PyThreadState **tstate, PyO
{
PyObject *function = Py_None;
char buf[80];
sprintf(buf, "|O:set_%s", funcname);
sprintf(buf, "|O:set_%.50s", funcname);
if (!PyArg_ParseTuple(args, buf, &function))
return NULL;
if (function == Py_None) {
@ -181,7 +181,7 @@ set_hook(const char * funcname, PyObject **hook_var, PyThreadState **tstate, PyO
*tstate = PyThreadState_Get();
}
else {
sprintf(buf, "set_%s(func): argument not callable", funcname);
sprintf(buf, "set_%.50s(func): argument not callable", funcname);
PyErr_SetString(PyExc_TypeError, buf);
return NULL;
}

2
Objects/weakrefobject.c
View File

@ -135,7 +135,7 @@ weakref_repr(PyWeakReference *self)
(long)(self));
}
else {
sprintf(buffer, "<weakref at %#lx; to '%s' at %#lx>",
sprintf(buffer, "<weakref at %#lx; to '%.50s' at %#lx>",
(long)(self), PyWeakref_GET_OBJECT(self)->ob_type->tp_name,
(long)(PyWeakref_GET_OBJECT(self)));
}

2
Python/compile.c
View File

@ -4195,7 +4195,7 @@ get_ref_type(struct compiling *c, char *name)
return GLOBAL_IMPLICIT;
}
}
sprintf(buf,
PyOS_snprintf(buf, sizeof(buf),
"unknown scope for %.100s in %.100s(%s) "
"in %s\nsymbols: %s\nlocals: %s\nglobals: %s\n",
name, c->c_name,

2
Python/dynload_os2.c
View File

@ -32,7 +32,7 @@ dl_funcptr _PyImport_GetDynLoadFunc(const char *fqname, const char *shortname,
if (rc != NO_ERROR) {
char errBuf[256];
sprintf(errBuf,
"DLL load failed, rc = %d: %s",
"DLL load failed, rc = %d: %.200s",
rc, failreason);
PyErr_SetString(PyExc_ImportError, errBuf);
return NULL;

2
Python/dynload_win.c
View File

@ -232,7 +232,7 @@ dl_funcptr _PyImport_GetDynLoadFunc(const char *fqname, const char *shortname,
if (import_python &&
strcasecmp(buffer,import_python)) {
sprintf(buffer,
"Module use of %s conflicts "
"Module use of %.150s conflicts "
"with this version of Python.",
import_python);
PyErr_SetString(PyExc_ImportError,buffer);

23
Python/getargs.c
View File

@ -1,11 +1,6 @@
/* New getargs implementation */
/* XXX There are several unchecked sprintf or strcat calls in this file.
XXX The only way these can become a danger is if some C code in the
XXX Python source (or in an extension) uses ridiculously long names
XXX or ridiculously deep nesting in format strings. */
#include "Python.h"
#include <ctype.h>
@ -140,7 +135,7 @@ vgetargs1(PyObject *args, char *format, va_list *p_va, int compat)
if (max == 0) {
if (args == NULL)
return 1;
sprintf(msgbuf, "%s%s takes no arguments",
sprintf(msgbuf, "%.200s%s takes no arguments",
fname==NULL ? "function" : fname,
fname==NULL ? "" : "()");
PyErr_SetString(PyExc_TypeError, msgbuf);
@ -149,7 +144,7 @@ vgetargs1(PyObject *args, char *format, va_list *p_va, int compat)
else if (min == 1 && max == 1) {
if (args == NULL) {
sprintf(msgbuf,
"%s%s takes at least one argument",
"%.200s%s takes at least one argument",
fname==NULL ? "function" : fname,
fname==NULL ? "" : "()");
PyErr_SetString(PyExc_TypeError, msgbuf);
@ -179,7 +174,7 @@ vgetargs1(PyObject *args, char *format, va_list *p_va, int compat)
if (len < min || max < len) {
if (message == NULL) {
sprintf(msgbuf,
"%s%s takes %s %d argument%s (%d given)",
"%.150s%s takes %s %d argument%s (%d given)",
fname==NULL ? "function" : fname,
fname==NULL ? "" : "()",
min==max ? "exactly"
@ -220,7 +215,7 @@ vgetargs1(PyObject *args, char *format, va_list *p_va, int compat)
static void
seterror(int iarg, char *msg, int *levels, char *fname, char *message)
{
char buf[256];
char buf[512];
int i;
char *p = buf;
@ -228,14 +223,14 @@ seterror(int iarg, char *msg, int *levels, char *fname, char *message)
return;
else if (message == NULL) {
if (fname != NULL) {
sprintf(p, "%s() ", fname);
sprintf(p, "%.200s() ", fname);
p += strlen(p);
}
if (iarg != 0) {
sprintf(p, "argument %d", iarg);
i = 0;
p += strlen(p);
while (levels[i] > 0) {
while (levels[i] > 0 && (int)(p-buf) < 220) {
sprintf(p, ", item %d", levels[i]-1);
p += strlen(p);
i++;
@ -245,7 +240,7 @@ seterror(int iarg, char *msg, int *levels, char *fname, char *message)
sprintf(p, "argument");
p += strlen(p);
}
sprintf(p, " %s", msg);
sprintf(p, " %.256s", msg);
message = buf;
}
PyErr_SetString(PyExc_TypeError, message);
@ -300,8 +295,8 @@ converttuple(PyObject *arg, char **p_format, va_list *p_va, int *levels,
if (!PySequence_Check(arg) || PyString_Check(arg)) {
levels[0] = 0;
sprintf(msgbuf,
toplevel ? "expected %d arguments, not %s" :
"must be %d-item sequence, not %s",
toplevel ? "expected %d arguments, not %.50s" :
"must be %d-item sequence, not %.50s",
n, arg == Py_None ? "None" : arg->ob_type->tp_name);
return msgbuf;
}