[Patches] [ python-Patches-602108 ] improper use of strncpy in getpath

noreply@sourceforge.net noreply@sourceforge.net
Thu, 05 Sep 2002 13:32:01 -0700


Patches item #602108, was opened at 2002-08-29 17:23
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=602108&group_id=5470

Category: Core (C code)
Group: Python 2.3
Status: Closed
Resolution: Rejected
Priority: 5
Submitted By: Neal Norwitz (nnorwitz)
>Assigned to: Guido van Rossum (gvanrossum)
Summary: improper use of strncpy in getpath

Initial Comment:
Many uses of strncpy() in Modules/getpath and
PC/getpathp do not copy the terminating null character
onto the string.  This patch makes sure the strings are
null terminated after strncpy().
Should this be backported?

----------------------------------------------------------------------

>Comment By: Neal Norwitz (nnorwitz)
Date: 2002-09-05 16:32

Message:
Logged In: YES 
user_id=33168

I spoke too soon.  Not all the variables are global static.
 In Modules/getpath.c::calculate_path() (line 363),
argv0_path is a local, non-static variable.  In the original
patch, this was set to the null char in 4 places.  I think
it would be easier to do:
  argv0_path[MAXPATHLEN] = '\0';

once, before argv0_path is used rather than after each
strncpy().

----------------------------------------------------------------------

Comment By: Neal Norwitz (nnorwitz)
Date: 2002-09-03 17:51

Message:
Logged In: YES 
user_id=33168

You are correct.  There should always be a null byte since
all the variables are static.

----------------------------------------------------------------------

Comment By: Guido van Rossum (gvanrossum)
Date: 2002-09-03 14:55

Message:
Logged In: YES 
user_id=6380

Since the variables affected are all globals, there is
already a null byte in the final position. So there's no
need to write one explicitly. I therefore reject this patch.
I'm leaving it open in case I'm misunderstanding something.
If you agree, please close it.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=602108&group_id=5470