Issue #24594: Validates persist parameter when opening MSI database

6ceda631 · Steve Dower · 94a7927c · 6ceda631 · 6ceda631
Commit 6ceda631 authored Sep 09, 2016 by Steve Dower
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 3 deletions

Misc/NEWS Misc/NEWS +2 -0

PC/_msi.c PC/_msi.c +17 -3

No files found.
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -62,6 +62,8 @@ Core and Builtins
 Library
 -------

+- Issue #24594: Validates persist parameter when opening MSI database
+
 - Issue #28047: Fixed calculation of line length used for the base64 CTE
  in the new email policies.


--- a/PC/_msi.c
+++ b/PC/_msi.c
@@ -955,6 +955,17 @@ static PyTypeObject msidb_Type = {
        0,                      /*tp_is_gc*/
 };

+#define Py_NOT_PERSIST(x, flag)                        \
+    (x != (int)(flag) &&                      \
+    x != ((int)(flag) | MSIDBOPEN_PATCHFILE))
+
+#define Py_INVALID_PERSIST(x)                \
+    (Py_NOT_PERSIST(x, MSIDBOPEN_READONLY) &&  \
+    Py_NOT_PERSIST(x, MSIDBOPEN_TRANSACT) &&   \
+    Py_NOT_PERSIST(x, MSIDBOPEN_DIRECT) &&     \
+    Py_NOT_PERSIST(x, MSIDBOPEN_CREATE) &&     \
+    Py_NOT_PERSIST(x, MSIDBOPEN_CREATEDIRECT))
+
 static PyObject* msiopendb(PyObject *obj, PyObject *args)
 {
    int status;
@@ -962,11 +973,14 @@ static PyObject* msiopendb(PyObject *obj, PyObject *args)
    int persist;
    MSIHANDLE h;
    msiobj *result;
-
    if (!PyArg_ParseTuple(args, "si:MSIOpenDatabase", &path, &persist))
        return NULL;
-
-        status = MsiOpenDatabase(path, (LPCSTR)persist, &h);
+    /* We need to validate that persist is a valid MSIDBOPEN_* value. Otherwise,
+       MsiOpenDatabase may treat the value as a pointer, leading to unexpected
+       behavior. */
+    if (Py_INVALID_PERSIST(persist))
+        return msierror(ERROR_INVALID_PARAMETER);
+    status = MsiOpenDatabase(path, (LPCSTR)persist, &h);
    if (status != ERROR_SUCCESS)
        return msierror(status);