[Python-checkins] CVS: python/dist/src/Python compile.c,2.230,2.231 dynload_os2.c,2.5,2.6 dynload_win.c,2.8,2.9 getargs.c,2.84,2.85
M.-A. Lemburg
lemburg@users.sourceforge.net
Wed, 28 Nov 2001 03:47:02 -0800
Update of /cvsroot/python/python/dist/src/Python
In directory usw-pr-cvs1:/tmp/cvs-serv15762/Python
Modified Files:
compile.c dynload_os2.c dynload_win.c getargs.c
Log Message:
Fixes for possible buffer overflows in sprintf() usages.
Index: compile.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Python/compile.c,v
retrieving revision 2.230
retrieving revision 2.231
diff -C2 -d -r2.230 -r2.231
*** compile.c 2001/11/09 22:02:46 2.230
--- compile.c 2001/11/28 11:47:00 2.231
***************
*** 4196,4200 ****
}
}
! sprintf(buf,
"unknown scope for %.100s in %.100s(%s) "
"in %s\nsymbols: %s\nlocals: %s\nglobals: %s\n",
--- 4196,4200 ----
}
}
! PyOS_snprintf(buf, sizeof(buf),
"unknown scope for %.100s in %.100s(%s) "
"in %s\nsymbols: %s\nlocals: %s\nglobals: %s\n",
Index: dynload_os2.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Python/dynload_os2.c,v
retrieving revision 2.5
retrieving revision 2.6
diff -C2 -d -r2.5 -r2.6
*** dynload_os2.c 2000/09/01 23:29:28 2.5
--- dynload_os2.c 2001/11/28 11:47:00 2.6
***************
*** 33,37 ****
char errBuf[256];
sprintf(errBuf,
! "DLL load failed, rc = %d: %s",
rc, failreason);
PyErr_SetString(PyExc_ImportError, errBuf);
--- 33,37 ----
char errBuf[256];
sprintf(errBuf,
! "DLL load failed, rc = %d: %.200s",
rc, failreason);
PyErr_SetString(PyExc_ImportError, errBuf);
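Review bot: The overflow bound in this `sprintf` still rests on hand arithmetic rather than on the buffer size: `%.200s` plus the fixed text and a worst-case `%d` fits `errBuf[256]`, but nothing ties the 200 to the 256, so a later edit to either value can reintroduce the overflow. Since `errBuf` is a local array, the call could use the bounded formatter that the compile.c hunk of this commit already switches to, `PyOS_snprintf(errBuf, sizeof(errBuf), "DLL load failed, rc = %d: %.200s", rc, failreason);`. The same applies to the `sprintf` calls kept in the dynload_win.c hunk and the getargs.c hunks, where the sizes of `buffer` and `msgbuf` are not visible and should be checked against the new precisions. The enclosing function starts and ends outside this hunk.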
Index: dynload_win.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Python/dynload_win.c,v
retrieving revision 2.8
retrieving revision 2.9
diff -C2 -d -r2.8 -r2.9
*** dynload_win.c 2001/05/09 00:50:59 2.8
--- dynload_win.c 2001/11/28 11:47:00 2.9
***************
*** 233,237 ****
strcasecmp(buffer,import_python)) {
sprintf(buffer,
! "Module use of %s conflicts "
"with this version of Python.",
import_python);
--- 233,237 ----
strcasecmp(buffer,import_python)) {
sprintf(buffer,
! "Module use of %.150s conflicts "
"with this version of Python.",
import_python);
Index: getargs.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Python/getargs.c,v
retrieving revision 2.84
retrieving revision 2.85
diff -C2 -d -r2.84 -r2.85
*** getargs.c 2001/10/27 07:25:06 2.84
--- getargs.c 2001/11/28 11:47:00 2.85
***************
*** 2,10 ****
/* New getargs implementation */
- /* XXX There are several unchecked sprintf or strcat calls in this file.
- XXX The only way these can become a danger is if some C code in the
- XXX Python source (or in an extension) uses ridiculously long names
- XXX or ridiculously deep nesting in format strings. */
-
#include "Python.h"
--- 2,5 ----
***************
*** 141,145 ****
if (args == NULL)
return 1;
! sprintf(msgbuf, "%s%s takes no arguments",
fname==NULL ? "function" : fname,
fname==NULL ? "" : "()");
--- 136,140 ----
if (args == NULL)
return 1;
! sprintf(msgbuf, "%.200s%s takes no arguments",
fname==NULL ? "function" : fname,
fname==NULL ? "" : "()");
***************
*** 150,154 ****
if (args == NULL) {
sprintf(msgbuf,
! "%s%s takes at least one argument",
fname==NULL ? "function" : fname,
fname==NULL ? "" : "()");
--- 145,149 ----
if (args == NULL) {
sprintf(msgbuf,
! "%.200s%s takes at least one argument",
fname==NULL ? "function" : fname,
fname==NULL ? "" : "()");
***************
*** 180,184 ****
if (message == NULL) {
sprintf(msgbuf,
! "%s%s takes %s %d argument%s (%d given)",
fname==NULL ? "function" : fname,
fname==NULL ? "" : "()",
--- 175,179 ----
if (message == NULL) {
sprintf(msgbuf,
! "%.150s%s takes %s %d argument%s (%d given)",
fname==NULL ? "function" : fname,
fname==NULL ? "" : "()",
***************
*** 221,225 ****
seterror(int iarg, char *msg, int *levels, char *fname, char *message)
{
! char buf[256];
int i;
char *p = buf;
--- 216,220 ----
seterror(int iarg, char *msg, int *levels, char *fname, char *message)
{
! char buf[512];
int i;
char *p = buf;
***************
*** 229,233 ****
else if (message == NULL) {
if (fname != NULL) {
! sprintf(p, "%s() ", fname);
p += strlen(p);
}
--- 224,228 ----
else if (message == NULL) {
if (fname != NULL) {
! sprintf(p, "%.200s() ", fname);
p += strlen(p);
}
***************
*** 236,240 ****
i = 0;
p += strlen(p);
! while (levels[i] > 0) {
sprintf(p, ", item %d", levels[i]-1);
p += strlen(p);
--- 231,235 ----
i = 0;
p += strlen(p);
! while (levels[i] > 0 && (int)(p-buf) < 220) {
sprintf(p, ", item %d", levels[i]-1);
p += strlen(p);
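Review bot: The cutoff `220` in the loop condition is a magic number whose safety depends on two other hunks of this commit, `char buf[512]` and the final `" %.256s"`, and nothing in the code records that link. A comment above the loop such as `/* stop adding items early: the tail written below needs up to 257 bytes plus NUL, and buf is 512 */` would keep the three values from drifting apart, and deriving the limit from `sizeof(buf)` would be firmer still. The lines of seterror between the hunks are not visible here, so the exact worst case should be confirmed against the full function. When the limit is hit, the remaining nesting levels are dropped from the message without any marker.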
***************
*** 246,250 ****
p += strlen(p);
}
! sprintf(p, " %s", msg);
message = buf;
}
--- 241,245 ----
p += strlen(p);
}
! sprintf(p, " %.256s", msg);
message = buf;
}
***************
*** 301,306 ****
levels[0] = 0;
sprintf(msgbuf,
! toplevel ? "expected %d arguments, not %s" :
! "must be %d-item sequence, not %s",
n, arg == Py_None ? "None" : arg->ob_type->tp_name);
return msgbuf;
--- 296,301 ----
levels[0] = 0;
sprintf(msgbuf,
! toplevel ? "expected %d arguments, not %.50s" :
! "must be %d-item sequence, not %.50s",
n, arg == Py_None ? "None" : arg->ob_type->tp_name);
return msgbuf;
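Review bot: `msgbuf` is written with `sprintf` and then returned, so it is presumably supplied by the caller, and this code has no way to know its capacity. The `%.50s` cap on `tp_name` keeps the output under 100 bytes, which is safe only if every caller passes a buffer at least that large. That requirement should be stated where the function is documented, for example `/* msgbuf must have room for at least 100 bytes */`, or the size should be passed in and used with `PyOS_snprintf`. The function's signature is outside the hunk, so where `msgbuf` comes from is inferred.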