[Python-checkins] bpo-33016: Fix potential use of uninitialized memory in nt._getfinalpathname (GH-6032)
Steve Dower
webhook-mailer at python.org
Thu Mar 8 17:50:40 EST 2018
https://github.com/python/cpython/commit/32efcd13069a89abf007373274ee1bc0909d1996
commit: 32efcd13069a89abf007373274ee1bc0909d1996
branch: 3.6
author: Steve Dower <steve.dower at microsoft.com>
committer: GitHub <noreply at github.com>
date: 2018-03-08T14:50:30-08:00
summary:
bpo-33016: Fix potential use of uninitialized memory in nt._getfinalpathname (GH-6032)
files:
A Misc/NEWS.d/next/Windows/2018-03-07-01-33-33.bpo-33016.Z_Med0.rst
M Modules/posixmodule.c
diff --git a/Misc/NEWS.d/next/Windows/2018-03-07-01-33-33.bpo-33016.Z_Med0.rst b/Misc/NEWS.d/next/Windows/2018-03-07-01-33-33.bpo-33016.Z_Med0.rst
new file mode 100644
index 000000000000..f4f78d489bf1
--- /dev/null
+++ b/Misc/NEWS.d/next/Windows/2018-03-07-01-33-33.bpo-33016.Z_Med0.rst
@@ -0,0 +1 @@
+Fix potential use of uninitialized memory in nt._getfinalpathname
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index 39ba030b5191..9c05acb24f0c 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -306,12 +306,6 @@ extern int lstat(const char *, struct stat *);
#ifdef HAVE_PROCESS_H
#include <process.h>
#endif
-#ifndef VOLUME_NAME_DOS
-#define VOLUME_NAME_DOS 0x0
-#endif
-#ifndef VOLUME_NAME_NT
-#define VOLUME_NAME_NT 0x2
-#endif
#ifndef IO_REPARSE_TAG_SYMLINK
#define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
#endif
@@ -3672,8 +3666,8 @@ os__getfinalpathname_impl(PyObject *module, PyObject *path)
/*[clinic end generated code: output=9bd78d0e52782e75 input=71d5e89334891bf4]*/
{
HANDLE hFile;
- int buf_size;
- wchar_t *target_path;
+ wchar_t buf[MAXPATHLEN], *target_path = buf;
+ int buf_size = Py_ARRAY_LENGTH(buf);
int result_length;
PyObject *result;
const wchar_t *path_wchar;
@@ -3682,6 +3676,7 @@ os__getfinalpathname_impl(PyObject *module, PyObject *path)
if (path_wchar == NULL)
return NULL;
+ Py_BEGIN_ALLOW_THREADS
hFile = CreateFileW(
path_wchar,
0, /* desired access */
@@ -3691,32 +3686,47 @@ os__getfinalpathname_impl(PyObject *module, PyObject *path)
/* FILE_FLAG_BACKUP_SEMANTICS is required to open a directory */
FILE_FLAG_BACKUP_SEMANTICS,
NULL);
+ Py_END_ALLOW_THREADS
if(hFile == INVALID_HANDLE_VALUE)
return win32_error_object("CreateFileW", path);
/* We have a good handle to the target, use it to determine the
target path name. */
- buf_size = GetFinalPathNameByHandleW(hFile, 0, 0, VOLUME_NAME_NT);
+ while (1) {
+ Py_BEGIN_ALLOW_THREADS
+ result_length = GetFinalPathNameByHandleW(hFile, target_path,
+ buf_size, VOLUME_NAME_DOS);
+ Py_END_ALLOW_THREADS
- if(!buf_size)
- return win32_error_object("GetFinalPathNameByHandle", path);
+ if (!result_length) {
+ result = win32_error_object("GetFinalPathNameByHandleW", path);
+ goto cleanup;
+ }
- target_path = PyMem_New(wchar_t, buf_size+1);
- if(!target_path)
- return PyErr_NoMemory();
+ if (result_length < buf_size) {
+ break;
+ }
- result_length = GetFinalPathNameByHandleW(hFile, target_path,
- buf_size, VOLUME_NAME_DOS);
- if(!result_length)
- return win32_error_object("GetFinalPathNamyByHandle", path);
+ wchar_t *tmp;
+ tmp = PyMem_Realloc(target_path != buf ? target_path : NULL,
+ result_length * sizeof(*tmp));
+ if (!tmp) {
+ result = PyErr_NoMemory();
+ goto cleanup;
+ }
- if(!CloseHandle(hFile))
- return win32_error_object("CloseHandle", path);
+ buf_size = result_length;
+ target_path = tmp;
+ }
- target_path[result_length] = 0;
result = PyUnicode_FromWideChar(target_path, result_length);
- PyMem_Free(target_path);
+
+cleanup:
+ if (target_path != buf) {
+ PyMem_Free(target_path);
+ }
+ CloseHandle(hFile);
return result;
}
More information about the Python-checkins
mailing list