[Python-checkins] bpo-39401: Avoid unsafe DLL load on Windows 7 and earlier (GH-18231)
Steve Dower
webhook-mailer at python.org
Tue Jan 28 21:46:40 EST 2020
https://github.com/python/cpython/commit/6a65eba44bfd82ccc8bed4b5c6dd6637549955d5
commit: 6a65eba44bfd82ccc8bed4b5c6dd6637549955d5
branch: master
author: Steve Dower <steve.dower at python.org>
committer: GitHub <noreply at github.com>
date: 2020-01-29T13:46:33+11:00
summary:
bpo-39401: Avoid unsafe DLL load on Windows 7 and earlier (GH-18231)
As Windows 7 is not supported by Python 3.9, we just replace the dynamic load with a static import. Backports will have a different fix to ensure they continue to behave the same.
files:
A Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst
M PC/getpathp.c
M PCbuild/pythoncore.vcxproj
diff --git a/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst
new file mode 100644
index 0000000000000..78274acfcb743
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst
@@ -0,0 +1 @@
+Avoid unsafe DLL load at startup on Windows 7 and earlier.
diff --git a/PC/getpathp.c b/PC/getpathp.c
index 085caf195a992..3b65b35ce6146 100644
--- a/PC/getpathp.c
+++ b/PC/getpathp.c
@@ -91,6 +91,7 @@
#endif
#include <windows.h>
+#include <pathcch.h>
#include <shlwapi.h>
#ifdef HAVE_SYS_TYPES_H
@@ -242,42 +243,14 @@ ismodule(wchar_t *filename, int update_filename)
stuff as fits will be appended.
*/
-static int _PathCchCombineEx_Initialized = 0;
-typedef HRESULT(__stdcall *PPathCchCombineEx) (PWSTR pszPathOut, size_t cchPathOut,
- PCWSTR pszPathIn, PCWSTR pszMore,
- unsigned long dwFlags);
-static PPathCchCombineEx _PathCchCombineEx;
-
static void
join(wchar_t *buffer, const wchar_t *stuff)
{
- if (_PathCchCombineEx_Initialized == 0) {
- HMODULE pathapi = LoadLibraryW(L"api-ms-win-core-path-l1-1-0.dll");
- if (pathapi) {
- _PathCchCombineEx = (PPathCchCombineEx)GetProcAddress(pathapi, "PathCchCombineEx");
- }
- else {
- _PathCchCombineEx = NULL;
- }
- _PathCchCombineEx_Initialized = 1;
- }
-
- if (_PathCchCombineEx) {
- if (FAILED(_PathCchCombineEx(buffer, MAXPATHLEN+1, buffer, stuff, 0))) {
- Py_FatalError("buffer overflow in getpathp.c's join()");
- }
- } else {
- if (!PathCombineW(buffer, buffer, stuff)) {
- Py_FatalError("buffer overflow in getpathp.c's join()");
- }
+ if (FAILED(PathCchCombineEx(buffer, MAXPATHLEN+1, buffer, stuff, 0))) {
+ Py_FatalError("buffer overflow in getpathp.c's join()");
}
}
-static int _PathCchCanonicalizeEx_Initialized = 0;
-typedef HRESULT(__stdcall *PPathCchCanonicalizeEx) (PWSTR pszPathOut, size_t cchPathOut,
- PCWSTR pszPathIn, unsigned long dwFlags);
-static PPathCchCanonicalizeEx _PathCchCanonicalizeEx;
-
/* Call PathCchCanonicalizeEx(path): remove navigation elements such as "."
and ".." to produce a direct, well-formed path. */
static PyStatus
@@ -287,26 +260,8 @@ canonicalize(wchar_t *buffer, const wchar_t *path)
return _PyStatus_NO_MEMORY();
}
- if (_PathCchCanonicalizeEx_Initialized == 0) {
- HMODULE pathapi = LoadLibraryW(L"api-ms-win-core-path-l1-1-0.dll");
- if (pathapi) {
- _PathCchCanonicalizeEx = (PPathCchCanonicalizeEx)GetProcAddress(pathapi, "PathCchCanonicalizeEx");
- }
- else {
- _PathCchCanonicalizeEx = NULL;
- }
- _PathCchCanonicalizeEx_Initialized = 1;
- }
-
- if (_PathCchCanonicalizeEx) {
- if (FAILED(_PathCchCanonicalizeEx(buffer, MAXPATHLEN + 1, path, 0))) {
- return INIT_ERR_BUFFER_OVERFLOW();
- }
- }
- else {
- if (!PathCanonicalizeW(buffer, path)) {
- return INIT_ERR_BUFFER_OVERFLOW();
- }
+ if (FAILED(PathCchCanonicalizeEx(buffer, MAXPATHLEN + 1, path, 0))) {
+ return INIT_ERR_BUFFER_OVERFLOW();
}
return _PyStatus_OK();
}
diff --git a/PCbuild/pythoncore.vcxproj b/PCbuild/pythoncore.vcxproj
index f5be8aa4051e8..cfab2fa4e189c 100644
--- a/PCbuild/pythoncore.vcxproj
+++ b/PCbuild/pythoncore.vcxproj
@@ -106,7 +106,7 @@
<PreprocessorDefinitions Condition="$(IncludeExternals)">_Py_HAVE_ZLIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
- <AdditionalDependencies>version.lib;shlwapi.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>version.lib;shlwapi.lib;ws2_32.lib;pathcch.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
More information about the Python-checkins
mailing list