➜
This issue trackerhas been migrated toGitHub, and is currentlyread-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.
Created on2017-06-20 04:38 byserhiy.storchaka, last changed2022-04-11 14:58 byadmin. This issue is nowclosed.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 2285 | merged | serhiy.storchaka,2017-06-20 04:45 | |
| PR 2443 | merged | serhiy.storchaka,2017-06-27 14:39 | |
| PR 2448 | merged | serhiy.storchaka,2017-06-27 18:15 | |
| Messages (7) | |||
|---|---|---|---|
| msg296401 -(view) | Author: Serhiy Storchaka (serhiy.storchaka)* | Date: 2017-06-20 04:38 | |
The second parameter of the PyUnicode_AsWideCharString() function wchar_t* PyUnicode_AsWideCharString(PyObject *unicode, Py_ssize_t *size)is a pointer to Py_ssize_t. The size of created wchar_t array is saved on this pointer if it is not NULL. If NULL is passed as the second argument, the only way to determine the size of the wchar_t string is using wcslen(). But if the string contains the null characters, it looks truncated for wcslen() and other C API functions.Reliable code should always pass the non-NULL second argument and check that wcslen() is equal to the returned string size. See for example the code inModules/_io/winconsoleio.c. Passing NULL as the second argument is unsafe. But most code doesn't do such check (see all other usages of PyUnicode_AsWideCharString(..., NULL)). And this check complicates the callers code.I propose to make the check for null characters inside of PyUnicode_AsWideCharString() if NULL is passes as the second argument. This will fix all unsafe usages of PyUnicode_AsWideCharString() and allow to simplify the reliable code.This issue fixes the part ofissue13617. | |||
| msg296514 -(view) | Author: Serhiy Storchaka (serhiy.storchaka)* | Date: 2017-06-21 04:43 | |
This change needs changing one ctypes test, and can break third-party tests or even a code. That is why it is targeted only for 3.7. I'm going to backport the change as a private function for using in CPython internally since this can fix vulnerabilities. | |||
| msg296755 -(view) | Author: Serhiy Storchaka (serhiy.storchaka)* | Date: 2017-06-24 06:31 | |
Could anyone please make a review of this PR? Especially the documentation part. This PR is a part of a set of PRs that fix potential vulnerabilities (issue13617,issue30730, and yet few issues planned). | |||
| msg297031 -(view) | Author: Serhiy Storchaka (serhiy.storchaka)* | Date: 2017-06-27 13:03 | |
New changesete613e6add5f07ff6aad5802924596b631b707d2a by Serhiy Storchaka in branch 'master':bpo-30708: Check for null characters in PyUnicode_AsWideCharString(). (#2285)https://github.com/python/cpython/commit/e613e6add5f07ff6aad5802924596b631b707d2a | |||
| msg297062 -(view) | Author: Serhiy Storchaka (serhiy.storchaka)* | Date: 2017-06-27 18:09 | |
New changeset0edffa3073b551ffeca34952529e7b292f1bd350 by Serhiy Storchaka in branch '3.6':[3.6]bpo-30708: Check for null characters in PyUnicode_AsWideCharString(). (GH-2285) (#2443)https://github.com/python/cpython/commit/0edffa3073b551ffeca34952529e7b292f1bd350 | |||
| msg297066 -(view) | Author: Serhiy Storchaka (serhiy.storchaka)* | Date: 2017-06-27 18:52 | |
New changeset94b169fe48bc7ea76b926823885d1b12c2c381fa by Serhiy Storchaka in branch '3.5':[3.5]bpo-30708: Add private C API function _PyUnicode_AsWideCharString(). (GH-2285) (GH-2443) (#2448)https://github.com/python/cpython/commit/94b169fe48bc7ea76b926823885d1b12c2c381fa | |||
| msg297069 -(view) | Author: Serhiy Storchaka (serhiy.storchaka)* | Date: 2017-06-27 19:06 | |
Wrong commit message in 3.6. Should be the same as in 3.5.This functionality was backported as a private function _PyUnicode_AsWideCharString(). | |||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:47 | admin | set | github: 74893 |
| 2017-06-27 19:06:14 | serhiy.storchaka | set | status: open -> closed resolution: fixed messages: +msg297069 stage: patch review -> resolved |
| 2017-06-27 18:52:12 | serhiy.storchaka | set | messages: +msg297066 |
| 2017-06-27 18:15:24 | serhiy.storchaka | set | pull_requests: +pull_request2505 |
| 2017-06-27 18:09:01 | serhiy.storchaka | set | messages: +msg297062 |
| 2017-06-27 14:39:50 | serhiy.storchaka | set | pull_requests: +pull_request2497 |
| 2017-06-27 13:03:16 | serhiy.storchaka | set | messages: +msg297031 |
| 2017-06-24 06:31:49 | serhiy.storchaka | set | messages: +msg296755 |
| 2017-06-21 04:43:11 | serhiy.storchaka | set | messages: +msg296514 |
| 2017-06-20 15:42:20 | serhiy.storchaka | link | issue13617 dependencies |
| 2017-06-20 04:45:09 | serhiy.storchaka | set | pull_requests: +pull_request2333 |
| 2017-06-20 04:38:10 | serhiy.storchaka | create | |