[Python-checkins] bpo-35161: Fix stack-use-after-scope in grp.getgr{nam, gid} and pwd.getpw{nam, uid}. (GH-10319)

Serhiy Storchaka webhook-mailer at python.org
Sun Nov 4 10:44:25 EST 2018 

https://github.com/python/cpython/commit/e359bc24b1f3a6ce311b9ef3043d1fdf5f1bf1cd
commit: e359bc24b1f3a6ce311b9ef3043d1fdf5f1bf1cd
branch: master
author: Alexey Izbyshev <izbyshev at ispras.ru>
committer: Serhiy Storchaka <storchaka at gmail.com>
date: 2018-11-04T17:44:16+02:00
summary:

bpo-35161: Fix stack-use-after-scope in grp.getgr{nam,gid} and pwd.getpw{nam,uid}. (GH-10319)

Reported by ASAN.

files:
M Modules/grpmodule.c
M Modules/pwdmodule.c

diff --git a/Modules/grpmodule.c b/Modules/grpmodule.c
index 74286ab3974d..d426f083111e 100644
--- a/Modules/grpmodule.c
+++ b/Modules/grpmodule.c
@@ -124,11 +124,12 @@ grp_getgrgid_impl(PyObject *module, PyObject *id)
         Py_DECREF(py_int_id);
     }
 #ifdef HAVE_GETGRGID_R
-    Py_BEGIN_ALLOW_THREADS
     int status;
     Py_ssize_t bufsize;
+    /* Note: 'grp' will be used via pointer 'p' on getgrgid_r success. */
     struct group grp;
 
+    Py_BEGIN_ALLOW_THREADS
     bufsize = sysconf(_SC_GETGR_R_SIZE_MAX);
     if (bufsize == -1) {
         bufsize = DEFAULT_BUFFER_SIZE;
@@ -204,11 +205,12 @@ grp_getgrnam_impl(PyObject *module, PyObject *name)
     if (PyBytes_AsStringAndSize(bytes, &name_chars, NULL) == -1)
         goto out;
 #ifdef HAVE_GETGRNAM_R
-    Py_BEGIN_ALLOW_THREADS
     int status;
     Py_ssize_t bufsize;
+    /* Note: 'grp' will be used via pointer 'p' on getgrnam_r success. */
     struct group grp;
 
+    Py_BEGIN_ALLOW_THREADS
     bufsize = sysconf(_SC_GETGR_R_SIZE_MAX);
     if (bufsize == -1) {
         bufsize = DEFAULT_BUFFER_SIZE;
diff --git a/Modules/pwdmodule.c b/Modules/pwdmodule.c
index d15286dc10fc..1286e7d5ce59 100644
--- a/Modules/pwdmodule.c
+++ b/Modules/pwdmodule.c
@@ -131,11 +131,12 @@ pwd_getpwuid(PyObject *module, PyObject *uidobj)
         return NULL;
     }
 #ifdef HAVE_GETPWUID_R
-    Py_BEGIN_ALLOW_THREADS
     int status;
     Py_ssize_t bufsize;
+    /* Note: 'pwd' will be used via pointer 'p' on getpwuid_r success. */
     struct passwd pwd;
 
+    Py_BEGIN_ALLOW_THREADS
     bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
     if (bufsize == -1) {
         bufsize = DEFAULT_BUFFER_SIZE;
@@ -212,11 +213,12 @@ pwd_getpwnam_impl(PyObject *module, PyObject *name)
     if (PyBytes_AsStringAndSize(bytes, &name_chars, NULL) == -1)
         goto out;
 #ifdef HAVE_GETPWNAM_R
-    Py_BEGIN_ALLOW_THREADS
     int status;
     Py_ssize_t bufsize;
+    /* Note: 'pwd' will be used via pointer 'p' on getpwnam_r success. */
     struct passwd pwd;
 
+    Py_BEGIN_ALLOW_THREADS
     bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
     if (bufsize == -1) {
         bufsize = DEFAULT_BUFFER_SIZE;

More information about the Python-checkins mailing list