[Patches] [ python-Patches-602108 ] improper use of strncpy in getpath
noreply@sourceforge.net
noreply@sourceforge.net
Thu, 05 Sep 2002 13:32:01 -0700
Patches item #602108, was opened at 2002-08-29 17:23
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=602108&group_id=5470
Category: Core (C code)
Group: Python 2.3
Status: Closed
Resolution: Rejected
Priority: 5
Submitted By: Neal Norwitz (nnorwitz)
>Assigned to: Guido van Rossum (gvanrossum)
Summary: improper use of strncpy in getpath
Initial Comment:
Many uses of strncpy() in Modules/getpath and
PC/getpathp do not copy the terminating null character
onto the string. This patch makes sure the strings are
null terminated after strncpy().
Should this be backported?
----------------------------------------------------------------------
>Comment By: Neal Norwitz (nnorwitz)
Date: 2002-09-05 16:32
Message:
Logged In: YES
user_id=33168
I spoke too soon. Not all the variables are global static.
In Modules/getpath.c::calculate_path() (line 363),
argv0_path is a local, non-static variable. In the original
patch, this was set to the null char in 4 places. I think
it would be easier to do:
argv0_path[MAXPATHLEN] = '\0';
once, before argv0_path is used rather than after each
strncpy().
----------------------------------------------------------------------
Comment By: Neal Norwitz (nnorwitz)
Date: 2002-09-03 17:51
Message:
Logged In: YES
user_id=33168
You are correct. There should always be a null byte since
all the variables are static.
----------------------------------------------------------------------
Comment By: Guido van Rossum (gvanrossum)
Date: 2002-09-03 14:55
Message:
Logged In: YES
user_id=6380
Since the variables affected are all globals, there is
already a null byte in the final position. So there's no
need to write one explicitly. I therefore reject this patch.
I'm leaving it open in case I'm misunderstanding something.
If you agree, please close it.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=602108&group_id=5470