bpo-33016: Fix potential use of uninitialized memory in nt._getfinalpathname (#6010)

Alexey Izbyshev 2018-03-08 19:03:25 +03:00 committed by Steve Dower
parent 3c7ac7ea20
commit 3b20d3454e
2 changed files with 34 additions and 43 deletions


@ -0,0 +1 @@
Fix potential use of uninitialized memory in nt._getfinalpathname


@ -303,12 +303,6 @@ extern int lstat(const char *, struct stat *);
#ifdef HAVE_PROCESS_H #ifdef HAVE_PROCESS_H
#include <process.h> #include <process.h>
#endif #endif
#ifndef VOLUME_NAME_DOS
#define VOLUME_NAME_DOS 0x0
#endif
#ifndef VOLUME_NAME_NT
#define VOLUME_NAME_NT 0x2
#endif
#ifndef IO_REPARSE_TAG_SYMLINK #ifndef IO_REPARSE_TAG_SYMLINK
#define IO_REPARSE_TAG_SYMLINK (0xA000000CL) #define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
#endif #endif
@ -3731,11 +3725,10 @@ os__getfinalpathname_impl(PyObject *module, path_t *path)
/*[clinic end generated code: output=621a3c79bc29ebfa input=2b6b6c7cbad5fb84]*/ /*[clinic end generated code: output=621a3c79bc29ebfa input=2b6b6c7cbad5fb84]*/
{ {
HANDLE hFile; HANDLE hFile;
int buf_size; wchar_t buf[MAXPATHLEN], *target_path = buf;
wchar_t *target_path; int buf_size = Py_ARRAY_LENGTH(buf);
int result_length; int result_length;
PyObject *result; PyObject *result;
const char *err = NULL;
Py_BEGIN_ALLOW_THREADS Py_BEGIN_ALLOW_THREADS
hFile = CreateFileW( hFile = CreateFileW(
@ -3747,55 +3740,52 @@ os__getfinalpathname_impl(PyObject *module, path_t *path)
/* FILE_FLAG_BACKUP_SEMANTICS is required to open a directory */ /* FILE_FLAG_BACKUP_SEMANTICS is required to open a directory */
FILE_FLAG_BACKUP_SEMANTICS, FILE_FLAG_BACKUP_SEMANTICS,
NULL); NULL);
Py_END_ALLOW_THREADS
if (hFile == INVALID_HANDLE_VALUE) { if (hFile == INVALID_HANDLE_VALUE) {
err = "CreateFileW"; return win32_error_object("CreateFileW", path->object);
goto done1;
} }
/* We have a good handle to the target, use it to determine the /* We have a good handle to the target, use it to determine the
target path name. */ target path name. */
buf_size = GetFinalPathNameByHandleW(hFile, 0, 0, VOLUME_NAME_NT); while (1) {
Py_BEGIN_ALLOW_THREADS
result_length = GetFinalPathNameByHandleW(hFile, target_path,
buf_size, VOLUME_NAME_DOS);
Py_END_ALLOW_THREADS
if (!buf_size) { if (!result_length) {
err = "GetFinalPathNameByHandle"; result = win32_error_object("GetFinalPathNameByHandleW",
goto done1; path->object);
} goto cleanup;
done1: }
Py_END_ALLOW_THREADS
if (err)
return win32_error_object(err, path->object);
target_path = PyMem_New(wchar_t, buf_size+1); if (result_length < buf_size) {
if(!target_path) break;
return PyErr_NoMemory(); }
Py_BEGIN_ALLOW_THREADS wchar_t *tmp;
result_length = GetFinalPathNameByHandleW(hFile, target_path, tmp = PyMem_Realloc(target_path != buf ? target_path : NULL,
buf_size, VOLUME_NAME_DOS); result_length * sizeof(*tmp));
if (!result_length) { if (!tmp) {
err = "GetFinalPathNameByHandle"; result = PyErr_NoMemory();
goto done2; goto cleanup;
}
buf_size = result_length;
target_path = tmp;
} }
if (!CloseHandle(hFile)) {
err = "CloseHandle";
goto done2;
}
done2:
Py_END_ALLOW_THREADS
if (err) {
PyMem_Free(target_path);
return win32_error_object(err, path->object);
}
target_path[result_length] = 0;
result = PyUnicode_FromWideChar(target_path, result_length); result = PyUnicode_FromWideChar(target_path, result_length);
PyMem_Free(target_path);
if (path->narrow) if (path->narrow)
Py_SETREF(result, PyUnicode_EncodeFSDefault(result)); Py_SETREF(result, PyUnicode_EncodeFSDefault(result));
return result;
cleanup:
if (target_path != buf) {
PyMem_Free(target_path);
}
CloseHandle(hFile);
return result;
} }
/*[clinic input] /*[clinic input]
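Review bot: After the loop, `result` is not checked before `Py_SETREF(result, PyUnicode_EncodeFSDefault(result));`, so if `PyUnicode_FromWideChar` fails while `path->narrow` is set, a NULL goes to the encoder and then to the decref inside `Py_SETREF`. That line is unchanged context, but this commit already reworks the function's error paths, so the guard fits here: `if (result && path->narrow)`. With it, an allocation failure falls through to `cleanup:` and returns NULL with the exception set, instead of dereferencing a null pointer. The function body spans two hunks of this section and the `CreateFileW` argument list between them is not shown, so that part is not reviewed.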