[Python-checkins] bpo-45228: Fix stack buffer overflow in parsing J1939 address (GH-28404)
miss-islington
webhook-mailer at python.org
Fri Sep 17 05:10:59 EDT 2021
https://github.com/python/cpython/commit/98fef200bbfd8adec27799265deb200ab5e4513e
commit: 98fef200bbfd8adec27799265deb200ab5e4513e
branch: 3.9
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: miss-islington <31488909+miss-islington at users.noreply.github.com>
date: 2021-09-17T02:10:55-07:00
summary:
bpo-45228: Fix stack buffer overflow in parsing J1939 address (GH-28404)
(cherry picked from commit 773319545ba60577bc140aa46eac83b360240b7a)
Co-authored-by: Serhiy Storchaka <storchaka at gmail.com>
files:
A Misc/NEWS.d/next/Library/2021-09-17-09-59-33.bpo-45228.WV1dcT.rst
M Modules/socketmodule.c
diff --git a/Misc/NEWS.d/next/Library/2021-09-17-09-59-33.bpo-45228.WV1dcT.rst b/Misc/NEWS.d/next/Library/2021-09-17-09-59-33.bpo-45228.WV1dcT.rst
new file mode 100644
index 0000000000000..9336c0aed92bc
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2021-09-17-09-59-33.bpo-45228.WV1dcT.rst
@@ -0,0 +1 @@
+Fix stack buffer overflow in parsing J1939 network address.
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
index dcb11ef62053a..0ac7fd0a607a0 100644
--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
@@ -1555,10 +1555,10 @@ makesockaddr(SOCKET_T sockfd, struct sockaddr *addr, size_t addrlen, int proto)
#ifdef CAN_J1939
case CAN_J1939:
{
- return Py_BuildValue("O&KkB", PyUnicode_DecodeFSDefault,
+ return Py_BuildValue("O&KIB", PyUnicode_DecodeFSDefault,
ifname,
- a->can_addr.j1939.name,
- a->can_addr.j1939.pgn,
+ (unsigned long long)a->can_addr.j1939.name,
+ (unsigned int)a->can_addr.j1939.pgn,
a->can_addr.j1939.addr);
}
#endif /* CAN_J1939 */
@@ -2249,13 +2249,13 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args,
PyObject *interfaceName;
struct ifreq ifr;
Py_ssize_t len;
- uint64_t j1939_name;
- uint32_t j1939_pgn;
+ unsigned long long j1939_name; /* at least 64 bits */
+ unsigned int j1939_pgn; /* at least 32 bits */
uint8_t j1939_addr;
struct sockaddr_can *addr = &addrbuf->can;
- if (!PyArg_ParseTuple(args, "O&KkB", PyUnicode_FSConverter,
+ if (!PyArg_ParseTuple(args, "O&KIB", PyUnicode_FSConverter,
&interfaceName,
&j1939_name,
&j1939_pgn,
@@ -2283,8 +2283,8 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args,
addr->can_family = AF_CAN;
addr->can_ifindex = ifr.ifr_ifindex;
- addr->can_addr.j1939.name = j1939_name;
- addr->can_addr.j1939.pgn = j1939_pgn;
+ addr->can_addr.j1939.name = (uint64_t)j1939_name;
+ addr->can_addr.j1939.pgn = (uint32_t)j1939_pgn;
addr->can_addr.j1939.addr = j1939_addr;
*len_ret = sizeof(*addr);
More information about the Python-checkins
mailing list