Skip to content

C
cpython
Commit 52a14c3c authored by Andrew M. Kuchling's avatar Andrew M. Kuchling
Browse files
Options

[Bug #1200134] Fix buffer overflow by constraining size of .getstr(), .instr()... 

[Bug #1200134] Fix buffer overflow by constraining size of .getstr(), .instr() to size of allocated buffer
parent 4aef2458
Hide whitespace changes
Inline Side-by-side
Showing with 13 additions and 9 deletions
Modules/_cursesmodule.c
View file @ 52a14c3c
...@@ -162,6 +162,10 @@ static int initialisedcolors = FALSE; ...@@ -162,6 +162,10 @@ static int initialisedcolors = FALSE;
"must call start_color() first"); \ "must call start_color() first"); \
return 0; } return 0; }
#ifndef MIN
#define MIN(x,y) ((x) < (y) ? (x) : (y))
#endif
/* Utility Functions */ /* Utility Functions */
/* /*
...@@ -801,21 +805,21 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args) ...@@ -801,21 +805,21 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args)
switch (PyTuple_Size(args)) { switch (PyTuple_Size(args)) {
case 0: case 0:
Py_BEGIN_ALLOW_THREADS Py_BEGIN_ALLOW_THREADS
rtn2 = wgetstr(self->win,rtn); rtn2 = wgetnstr(self->win,rtn, 1023);
Py_END_ALLOW_THREADS Py_END_ALLOW_THREADS
break; break;
case 1: case 1:
if (!PyArg_ParseTuple(args,"i;n", &n)) if (!PyArg_ParseTuple(args,"i;n", &n))
return NULL; return NULL;
Py_BEGIN_ALLOW_THREADS Py_BEGIN_ALLOW_THREADS
rtn2 = wgetnstr(self->win,rtn,n); rtn2 = wgetnstr(self->win,rtn,MIN(n, 1023));
Py_END_ALLOW_THREADS Py_END_ALLOW_THREADS
break; break;
case 2: case 2:
if (!PyArg_ParseTuple(args,"ii;y,x",&y,&x)) if (!PyArg_ParseTuple(args,"ii;y,x",&y,&x))
return NULL; return NULL;
Py_BEGIN_ALLOW_THREADS Py_BEGIN_ALLOW_THREADS
rtn2 = mvwgetstr(self->win,y,x,rtn); rtn2 = mvwgetnstr(self->win,y,x,rtn, 1023);
Py_END_ALLOW_THREADS Py_END_ALLOW_THREADS
break; break;
case 3: case 3:
...@@ -825,11 +829,11 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args) ...@@ -825,11 +829,11 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args)
/* Untested */ /* Untested */
Py_BEGIN_ALLOW_THREADS Py_BEGIN_ALLOW_THREADS
rtn2 = wmove(self->win,y,x)==ERR ? ERR : rtn2 = wmove(self->win,y,x)==ERR ? ERR :
wgetnstr(self->win, rtn, n); wgetnstr(self->win, rtn, MIN(n, 1023));
Py_END_ALLOW_THREADS Py_END_ALLOW_THREADS
#else #else
Py_BEGIN_ALLOW_THREADS Py_BEGIN_ALLOW_THREADS
rtn2 = mvwgetnstr(self->win, y, x, rtn, n); rtn2 = mvwgetnstr(self->win, y, x, rtn, MIN(n, 1023));
Py_END_ALLOW_THREADS Py_END_ALLOW_THREADS
#endif #endif
break; break;
...@@ -962,22 +966,22 @@ PyCursesWindow_InStr(PyCursesWindowObject *self, PyObject *args) ...@@ -962,22 +966,22 @@ PyCursesWindow_InStr(PyCursesWindowObject *self, PyObject *args)
switch (PyTuple_Size(args)) { switch (PyTuple_Size(args)) {
case 0: case 0:
rtn2 = winstr(self->win,rtn); rtn2 = winnstr(self->win,rtn, 1023);
break; break;
case 1: case 1:
if (!PyArg_ParseTuple(args,"i;n", &n)) if (!PyArg_ParseTuple(args,"i;n", &n))
return NULL; return NULL;
rtn2 = winnstr(self->win,rtn,n); rtn2 = winnstr(self->win,rtn,MIN(n,1023));
break; break;
case 2: case 2:
if (!PyArg_ParseTuple(args,"ii;y,x",&y,&x)) if (!PyArg_ParseTuple(args,"ii;y,x",&y,&x))
return NULL; return NULL;
rtn2 = mvwinstr(self->win,y,x,rtn); rtn2 = mvwinnstr(self->win,y,x,rtn,1023);
break; break;
case 3: case 3:
if (!PyArg_ParseTuple(args, "iii;y,x,n", &y, &x, &n)) if (!PyArg_ParseTuple(args, "iii;y,x,n", &y, &x, &n))
return NULL; return NULL;
rtn2 = mvwinnstr(self->win, y, x, rtn, n); rtn2 = mvwinnstr(self->win, y, x, rtn, MIN(n,1023));
break; break;
default: default:
PyErr_SetString(PyExc_TypeError, "instr requires 0 or 3 arguments"); PyErr_SetString(PyExc_TypeError, "instr requires 0 or 3 arguments");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7