[Patches] overflow checking for modification time (64-bit, import.c)

Trent Mick trentm@activestate.com
Thu, 1 Jun 2000 13:38:31 -0700


Discussion:

This patch fixes possible overflow in the use of PyOS_GetLastModificationTime
in getmtime.c and Python/import.c.

Currently PyOS_GetLastModificationTime returns a C long. This can overflow on
Win64 where sizeof(time_t) > sizeof(long). Besides it should logically return
a time_t anyway (this patch changes this).

As well, import.c uses PyOS_GetLastModificationTime for .pyc timestamping.
There has been recent discussion about the .pyc header format on python-dev.
This patch adds oveflow checking to import.c so that an exception will be
raised if the modification time overflows. There are a few other minor 64-bit
readiness changes made to the module as well:
 - size_t instead of int or long for function-local buffer and string length
   variables
 - one buffer overflow check was added (raises an exception on possible
   overflow, this overflow chance exists on 32-bit platforms as well), no
   other possible buffer overflows existed (from my analysis anyway)



Legal:

I confirm that, to the best of my knowledge and belief, this
contribution is free of any claims of third parties under
copyright, patent or other rights or interests ("claims").  To
the extent that I have any such claims, I hereby grant to CNRI a
nonexclusive, irrevocable, royalty-free, worldwide license to
reproduce, distribute, perform and/or display publicly, prepare
derivative versions, and otherwise use this contribution as part
of the Python software and its related documentation, or any
derivative versions thereof, at no cost to CNRI or its licensed
users, and to authorize others to do so.

I acknowledge that CNRI may, at its sole discretion, decide
whether or not to incorporate this contribution in the Python
software and its related documentation.  I further grant CNRI
permission to use my name and other identifying information
provided to CNRI by me for use in connection with the Python
software and its related documentation.


Patch (use 'patch -p8'):

*** /home/trentm/main/contrib/python/dist/src/Python/getmtime.c	Thu Jun  1 00:13:40 2000
--- /home/trentm/main/Apps/Perlium/Python/dist/src/Python/getmtime.c	Wed May 31 23:54:20 2000
***************
*** 33,45 ****
  
  /* (A separate file because this may be OS dependent) */
  
  #include "config.h"
  
  #include <stdio.h>
  #include <sys/types.h>
  #include <sys/stat.h>
  
! long
  PyOS_GetLastModificationTime(path, fp)
  	char *path;
  	FILE *fp;
--- 33,46 ----
  
  /* (A separate file because this may be OS dependent) */
  
+ #include "Python.h"
  #include "config.h"
  
  #include <stdio.h>
  #include <sys/types.h>
  #include <sys/stat.h>
  
! time_t
  PyOS_GetLastModificationTime(path, fp)
  	char *path;
  	FILE *fp;
*** /home/trentm/main/contrib/python/dist/src/Python/import.c	Thu Jun  1 00:13:40 2000
--- /home/trentm/main/Apps/Perlium/Python/dist/src/Python/import.c	Wed May 31 23:54:20 2000
***************
*** 74,80 ****
  #endif
  
  
! extern long PyOS_GetLastModificationTime(); /* In getmtime.c */
  
  /* Magic word to reject .pyc files generated by other Python versions */
  /* Change for each incompatible change */
--- 74,80 ----
  #endif
  
  
! extern time_t PyOS_GetLastModificationTime(); /* In getmtime.c */
  
  /* Magic word to reject .pyc files generated by other Python versions */
  /* Change for each incompatible change */
***************
*** 549,557 ****
  make_compiled_pathname(pathname, buf, buflen)
  	char *pathname;
  	char *buf;
! 	int buflen;
  {
! 	int len;
  
  	len = strlen(pathname);
  	if (len+2 > buflen)
--- 549,557 ----
  make_compiled_pathname(pathname, buf, buflen)
  	char *pathname;
  	char *buf;
! 	size_t buflen;
  {
! 	size_t len;
  
  	len = strlen(pathname);
  	if (len+2 > buflen)
***************
*** 732,738 ****
  	char *pathname;
  	FILE *fp;
  {
! 	long mtime;
  	FILE *fpc;
  	char buf[MAXPATHLEN+1];
  	char *cpathname;
--- 732,738 ----
  	char *pathname;
  	FILE *fp;
  {
! 	time_t mtime;
  	FILE *fpc;
  	char buf[MAXPATHLEN+1];
  	char *cpathname;
***************
*** 740,746 ****
  	PyObject *m;
  
  	mtime = PyOS_GetLastModificationTime(pathname, fp);
! 	cpathname = make_compiled_pathname(pathname, buf, MAXPATHLEN+1);
  	if (cpathname != NULL &&
  	    (fpc = check_compiled_module(pathname, mtime, cpathname))) {
  		co = read_compiled_module(cpathname, fpc);
--- 740,759 ----
  	PyObject *m;
  
  	mtime = PyOS_GetLastModificationTime(pathname, fp);
! 	if (mtime == -1)
! 		return NULL;
! #if SIZEOF_TIME_T > 4
! 	/* Python's .pyc timestamp handling presumes that the timestamp fits
! 	   in 4 bytes. This will be fine until sometime in the year 2038,
! 	   when a 4-byte signed time_t will overflow.
! 	 */
! 	if (mtime >> 32) {
! 		PyErr_SetString(PyExc_OverflowError,
! 			"modification time overflows a 4 bytes");
! 		return NULL;
! 	}
! #endif
! 	cpathname = make_compiled_pathname(pathname, buf, (size_t)MAXPATHLEN+1);
  	if (cpathname != NULL &&
  	    (fpc = check_compiled_module(pathname, mtime, cpathname))) {
  		co = read_compiled_module(cpathname, fpc);
***************
*** 771,777 ****
  /* Forward */
  static PyObject *load_module Py_PROTO((char *, FILE *, char *, int));
  static struct filedescr *find_module Py_PROTO((char *, PyObject *,
! 					       char *, int, FILE **));
  static struct _frozen *find_frozen Py_PROTO((char *name));
  
  /* Load a package and return its module object WITH INCREMENTED
--- 784,790 ----
  /* Forward */
  static PyObject *load_module Py_PROTO((char *, FILE *, char *, int));
  static struct filedescr *find_module Py_PROTO((char *, PyObject *,
! 					       char *, size_t, FILE **));
  static struct _frozen *find_frozen Py_PROTO((char *name));
  
  /* Load a package and return its module object WITH INCREMENTED
***************
*** 869,878 ****
  	PyObject *path;
  	/* Output parameters: */
  	char *buf;
! 	int buflen;
  	FILE **p_fp;
  {
! 	int i, npath, len, namelen;
  	struct _frozen *f;
  	struct filedescr *fdp = NULL;
  	FILE *fp = NULL;
--- 882,892 ----
  	PyObject *path;
  	/* Output parameters: */
  	char *buf;
! 	size_t buflen;
  	FILE **p_fp;
  {
! 	int i, npath;
! 	size_t len, namelen;
  	struct _frozen *f;
  	struct filedescr *fdp = NULL;
  	FILE *fp = NULL;
***************
*** 882,887 ****
--- 896,905 ----
  	static struct filedescr fd_package = {"", "", PKG_DIRECTORY};
  	char name[MAXPATHLEN+1];
  
+ 	if (strlen(realname) > MAXPATHLEN) {
+ 		PyErr_SetString(PyExc_OverflowError, "module name is too long");
+ 		return NULL;
+ 	}
  	strcpy(name, realname);
  
  	if (path != NULL && PyString_Check(path)) {
***************
*** 933,939 ****
  		if (len + 2 + namelen + MAXSUFFIXSIZE >= buflen)
  			continue; /* Too long */
  		strcpy(buf, PyString_AsString(v));
! 		if ((int)strlen(buf) != len)
  			continue; /* v contains '\0' */
  #ifdef macintosh
  #ifdef INTERN_STRINGS
--- 951,957 ----
  		if (len + 2 + namelen + MAXSUFFIXSIZE >= buflen)
  			continue; /* Too long */
  		strcpy(buf, PyString_AsString(v));
! 		if (strlen(buf) != len)
  			continue; /* v contains '\0' */
  #ifdef macintosh
  #ifdef INTERN_STRINGS
***************
*** 1181,1188 ****
  find_init_module(buf)
  	char *buf;
  {
! 	int save_len = strlen(buf);
! 	int i = save_len;
  	struct stat statbuf;
  
  	if (save_len + 13 >= MAXPATHLEN)
--- 1199,1206 ----
  find_init_module(buf)
  	char *buf;
  {
! 	size_t save_len = strlen(buf);
! 	size_t i = save_len;
  	struct stat statbuf;
  
  	if (save_len + 13 >= MAXPATHLEN)
***************
*** 1577,1583 ****
  	else {
  		char *start = PyString_AS_STRING(modname);
  		char *lastdot = strrchr(start, '.');
! 		int len;
  		if (lastdot == NULL)
  			return Py_None;
  		len = lastdot - start;
--- 1595,1601 ----
  	else {
  		char *start = PyString_AS_STRING(modname);
  		char *lastdot = strrchr(start, '.');
! 		size_t len;
  		if (lastdot == NULL)
  			return Py_None;
  		len = lastdot - start;
***************
*** 1612,1618 ****
  {
  	char *name = *p_name;
  	char *dot = strchr(name, '.');
! 	int len;
  	char *p;
  	PyObject *result;
  
--- 1630,1636 ----
  {
  	char *name = *p_name;
  	char *dot = strchr(name, '.');
! 	size_t len;
  	char *p;
  	PyObject *result;
  

-- 
Trent Mick
trentm@activestate.com