[Python-checkins] r67199 - in python/branches/release24-maint: Misc/NEWS Objects/stringobject.c
matthias.klose
python-checkins at python.org
Wed Nov 12 08:21:53 CET 2008
Author: matthias.klose
Date: Wed Nov 12 08:21:52 2008
New Revision: 67199
Log:
- Issue #2587: In the C API, PyString_FromStringAndSize() takes a signed size
parameter but was not verifying that it was greater than zero. Values
less than zero will now raise a SystemError and return NULL to indicate a
bug in the calling C code. CVE-2008-1887.
backport r62261, r62271
Modified:
python/branches/release24-maint/Misc/NEWS
python/branches/release24-maint/Objects/stringobject.c
Modified: python/branches/release24-maint/Misc/NEWS
==============================================================================
--- python/branches/release24-maint/Misc/NEWS (original)
+++ python/branches/release24-maint/Misc/NEWS Wed Nov 12 08:21:52 2008
@@ -30,6 +30,11 @@
- Issues #2588, #2589: Fix potential integer underflow and overflow
conditions in the PyOS_vsnprintf C API function. CVE-2008-3144.
+- Issue #2587: In the C API, PyString_FromStringAndSize() takes a signed size
+ parameter but was not verifying that it was greater than zero. Values
+ less than zero will now raise a SystemError and return NULL to indicate a
+ bug in the calling C code. CVE-2008-1887.
+
Extension Modules
-----------------
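Review bot: The added NEWS entry says the size was not verified to be "greater than zero", but the check added in Objects/stringobject.c is size < 0, and a size of 0 remains valid (it takes the nullstring path). Suggest wording the entry as "was not verifying that it was non-negative" so that it matches the code.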
Modified: python/branches/release24-maint/Objects/stringobject.c
==============================================================================
--- python/branches/release24-maint/Objects/stringobject.c (original)
+++ python/branches/release24-maint/Objects/stringobject.c Wed Nov 12 08:21:52 2008
@@ -52,6 +52,13 @@
PyString_FromStringAndSize(const char *str, int size)
{
register PyStringObject *op;
+
+ if (size < 0) {
+ PyErr_SetString(PyExc_SystemError,
+ "Negative size passed to PyString_FromStringAndSize");
+ return NULL;
+ }
+
if (size == 0 && (op = nullstring) != NULL) {
#ifdef COUNT_ALLOCS
null_strings++;
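Review bot: The size < 0 guard at the top of PyString_FromStringAndSize() arrives without a regression test; the commit modifies only Misc/NEWS and Objects/stringobject.c. A test that passes a negative size through the C API and expects a NULL return with SystemError set would keep the check from being lost in a later refactor. The placement itself is right: the guard runs before the size == 0 nullstring shortcut, so size is not used before it is validated.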