bpo-35161: Fix stack-use-after-scope in grp.getgr{nam, gid} and pwd.getpw{nam, uid}. (GH-10319)
https://github.com/python/cpython/commit/e359bc24b1f3a6ce311b9ef3043d1fdf5f1... commit: e359bc24b1f3a6ce311b9ef3043d1fdf5f1bf1cd branch: master author: Alexey Izbyshev <izbyshev@ispras.ru> committer: Serhiy Storchaka <storchaka@gmail.com> date: 2018-11-04T17:44:16+02:00 summary: bpo-35161: Fix stack-use-after-scope in grp.getgr{nam,gid} and pwd.getpw{nam,uid}. (GH-10319) Reported by ASAN. files: M Modules/grpmodule.c M Modules/pwdmodule.c
diff --git a/Modules/grpmodule.c b/Modules/grpmodule.c
index 74286ab3974d..d426f083111e 100644
--- a/Modules/grpmodule.c
+++ b/Modules/grpmodule.c
@@ -124,11 +124,12 @@ grp_getgrgid_impl(PyObject *module, PyObject *id)
 Py_DECREF(py_int_id);
 }
 #ifdef HAVE_GETGRGID_R
- Py_BEGIN_ALLOW_THREADS
 int status;
 Py_ssize_t bufsize;
+ /* Note: 'grp' will be used via pointer 'p' on getgrgid_r success. */
 struct group grp;
+ Py_BEGIN_ALLOW_THREADS
 bufsize = sysconf(_SC_GETGR_R_SIZE_MAX);
 if (bufsize == -1) {
 bufsize = DEFAULT_BUFFER_SIZE;
@@ -204,11 +205,12 @@ grp_getgrnam_impl(PyObject *module, PyObject *name)
 if (PyBytes_AsStringAndSize(bytes, &name_chars, NULL) == -1)
 goto out;
 #ifdef HAVE_GETGRNAM_R
- Py_BEGIN_ALLOW_THREADS
 int status;
 Py_ssize_t bufsize;
+ /* Note: 'grp' will be used via pointer 'p' on getgrnam_r success. */
 struct group grp;
+ Py_BEGIN_ALLOW_THREADS
 bufsize = sysconf(_SC_GETGR_R_SIZE_MAX);
 if (bufsize == -1) {
 bufsize = DEFAULT_BUFFER_SIZE;
diff --git a/Modules/pwdmodule.c b/Modules/pwdmodule.c
index d15286dc10fc..1286e7d5ce59 100644
--- a/Modules/pwdmodule.c
+++ b/Modules/pwdmodule.c
@@ -131,11 +131,12 @@ pwd_getpwuid(PyObject *module, PyObject *uidobj)
 return NULL;
 }
 #ifdef HAVE_GETPWUID_R
- Py_BEGIN_ALLOW_THREADS
 int status;
 Py_ssize_t bufsize;
+ /* Note: 'pwd' will be used via pointer 'p' on getpwuid_r success. */
 struct passwd pwd;
+ Py_BEGIN_ALLOW_THREADS
 bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
 if (bufsize == -1) {
 bufsize = DEFAULT_BUFFER_SIZE;
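Review bot: The added comment above `struct group grp;` in the grp_getgrgid_impl hunk says that `grp` is reached through `p`, but not why the declaration has to come before `Py_BEGIN_ALLOW_THREADS`. That macro opens a block which `Py_END_ALLOW_THREADS` closes, so an object declared after it is out of scope while `p` may still point at it, which is the stack-use-after-scope the commit title names. I would state the constraint directly, e.g. `/* Declare 'grp' before Py_BEGIN_ALLOW_THREADS (it opens a block): 'p' points at 'grp' after Py_END_ALLOW_THREADS. */`, so a later cleanup does not move the declarations back inside the block. The same wording applies to the grp_getgrnam_impl hunk and to both hunks in Modules/pwdmodule.c (with `pwd` for `grp`). The function bodies continue outside the hunks, so the later reads through `p` are not visible here.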
@@ -212,11 +213,12 @@ pwd_getpwnam_impl(PyObject *module, PyObject *name)
 if (PyBytes_AsStringAndSize(bytes, &name_chars, NULL) == -1)
 goto out;
 #ifdef HAVE_GETPWNAM_R
- Py_BEGIN_ALLOW_THREADS
 int status;
 Py_ssize_t bufsize;
+ /* Note: 'pwd' will be used via pointer 'p' on getpwnam_r success. */
 struct passwd pwd;
+ Py_BEGIN_ALLOW_THREADS
 bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
 if (bufsize == -1) {
 bufsize = DEFAULT_BUFFER_SIZE;