[New-bugs-announce] [issue15905] Copy to fixed size buffer w/o check in sys_update_path
Christian Heimes
report at bugs.python.org
Mon Sep 10 18:09:46 CEST 2012
New submission from Christian Heimes:
In Python/sysmodule.c the function sys_update_path() uses wcscpy to copy data to a fixed size buffer. The input comes from an external source (argv[0]) and could theoretically be larger than the buffer.
Suggested solution:
Increase the buffer a bit:
    wchar_t argv0copy[sizeof(wchar_t)* (MAXPATHLEN+1)];
and use wcsncpy:
    wcsncpy(argv0copy, argv0, MAXPATHLEN);
    argv0copy[MAXPATHLEN] = L'\0';
CID 486850
----------
components: Interpreter Core
messages: 170200
nosy: christian.heimes
priority: normal
severity: normal
stage: needs patch
status: open
title: Copy to fixed size buffer w/o check in sys_update_path
type: behavior
versions: Python 3.2, Python 3.3, Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15905>
_______________________________________
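
The bounded copy suggested in the report, as an added example that is not part of the original message or of CPython's source. `DEMO_MAXPATHLEN`, `copy_argv0` and `guard_intact_after_copy` are hypothetical names, the inputs are constructed, and the helper goes one step further than the report by returning whether the input was truncated so a caller can reject an overlong path.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Assumption: small stand-in for MAXPATHLEN so the boundary is easy to hit. */
#define DEMO_MAXPATHLEN 16

/* Hypothetical helper, not CPython code. Copies src into dst, which must hold
   DEMO_MAXPATHLEN + 1 wide characters. Returns 1 if src was truncated. */
int copy_argv0(wchar_t *dst, const wchar_t *src)
{
    size_t n = 0;

    /* wcsncpy stops after DEMO_MAXPATHLEN characters but leaves dst
       unterminated when src is that long or longer, hence the explicit NUL. */
    wcsncpy(dst, src, DEMO_MAXPATHLEN);
    dst[DEMO_MAXPATHLEN] = L'\0';

    /* Bounded length probe: an oversized src is detected without scanning
       all of it. */
    while (n <= DEMO_MAXPATHLEN && src[n] != L'\0')
        n++;
    return n > DEMO_MAXPATHLEN;
}

/* Copies into a buffer followed by a guard value; returns 1 if the guard is
   unchanged, i.e. nothing was written past the buffer. */
int guard_intact_after_copy(const wchar_t *src)
{
    struct { wchar_t buf[DEMO_MAXPATHLEN + 1]; wchar_t guard; } frame;

    frame.guard = L'G';
    copy_argv0(frame.buf, src);
    return frame.guard == L'G';
}

int main(void)
{
    /* Constructed sample inputs: exactly at the limit, and over it. */
    const wchar_t *fits = L"/usr/bin/python3";
    const wchar_t *too_long = L"/constructed/overlong/path/to/python3";
    wchar_t buf[DEMO_MAXPATHLEN + 1];
    int truncated = copy_argv0(buf, fits);

    printf("fits: truncated=%d\n", truncated);
    truncated = copy_argv0(buf, too_long);
    printf("too long: truncated=%d, kept=%zu, guard intact=%d\n",
           truncated, wcslen(buf), guard_intact_after_copy(too_long));
    return 0;
}
```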