[Python-checkins] python/dist/src/Modules _cursesmodule.c, 2.73, 2.74

akuchling@users.sourceforge.net akuchling at users.sourceforge.net
Thu Jun 9 19:53:32 CEST 2005 

Update of /cvsroot/python/python/dist/src/Modules
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12117

Modified Files:
	_cursesmodule.c 
Log Message:
[Bug #1200134] Fix buffer overflow by constraining size of .getstr(), .instr() to size of allocated buffer

Index: _cursesmodule.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Modules/_cursesmodule.c,v
retrieving revision 2.73
retrieving revision 2.74
diff -u -d -r2.73 -r2.74
--- _cursesmodule.c	4 Aug 2004 14:33:28 -0000	2.73
+++ _cursesmodule.c	9 Jun 2005 17:53:27 -0000	2.74
@@ -162,6 +162,10 @@
                                   "must call start_color() first"); \
                   return 0; }
 
+#ifndef MIN
+#define MIN(x,y) ((x) < (y) ? (x) : (y))
+#endif
+
 /* Utility Functions */
 
 /*
@@ -801,21 +805,21 @@
   switch (PyTuple_Size(args)) {
   case 0:
     Py_BEGIN_ALLOW_THREADS
-    rtn2 = wgetstr(self->win,rtn);
+    rtn2 = wgetnstr(self->win,rtn, 1023);
     Py_END_ALLOW_THREADS
     break;
   case 1:
     if (!PyArg_ParseTuple(args,"i;n", &n))
       return NULL;
     Py_BEGIN_ALLOW_THREADS
-    rtn2 = wgetnstr(self->win,rtn,n);
+    rtn2 = wgetnstr(self->win,rtn,MIN(n, 1023));
     Py_END_ALLOW_THREADS
     break;
   case 2:
     if (!PyArg_ParseTuple(args,"ii;y,x",&y,&x))
       return NULL;
     Py_BEGIN_ALLOW_THREADS
-    rtn2 = mvwgetstr(self->win,y,x,rtn);
+    rtn2 = mvwgetnstr(self->win,y,x,rtn, 1023);
     Py_END_ALLOW_THREADS
     break;
   case 3:
@@ -825,11 +829,11 @@
  /* Untested */
     Py_BEGIN_ALLOW_THREADS
     rtn2 = wmove(self->win,y,x)==ERR ? ERR :
-      wgetnstr(self->win, rtn, n);
+      wgetnstr(self->win, rtn, MIN(n, 1023));
     Py_END_ALLOW_THREADS
 #else
     Py_BEGIN_ALLOW_THREADS
-    rtn2 = mvwgetnstr(self->win, y, x, rtn, n);
+    rtn2 = mvwgetnstr(self->win, y, x, rtn, MIN(n, 1023));
     Py_END_ALLOW_THREADS
 #endif
     break;
@@ -962,22 +966,22 @@
 
   switch (PyTuple_Size(args)) {
   case 0:
-    rtn2 = winstr(self->win,rtn);
+    rtn2 = winnstr(self->win,rtn, 1023);
     break;
   case 1:
     if (!PyArg_ParseTuple(args,"i;n", &n))
       return NULL;
-    rtn2 = winnstr(self->win,rtn,n);
+    rtn2 = winnstr(self->win,rtn,MIN(n,1023));
     break;
   case 2:
     if (!PyArg_ParseTuple(args,"ii;y,x",&y,&x))
       return NULL;
-    rtn2 = mvwinstr(self->win,y,x,rtn);
+    rtn2 = mvwinnstr(self->win,y,x,rtn,1023);
     break;
   case 3:
     if (!PyArg_ParseTuple(args, "iii;y,x,n", &y, &x, &n))
       return NULL;
-    rtn2 = mvwinnstr(self->win, y, x, rtn, n);
+    rtn2 = mvwinnstr(self->win, y, x, rtn, MIN(n,1023));
     break;
   default:
     PyErr_SetString(PyExc_TypeError, "instr requires 0 or 3 arguments");

More information about the Python-checkins mailing list