Issue #22636: Merge ctypes.util shell injection fixes from 3.5

author: Martin Panter <vadmium+py@gmail.com> 2016-06-14 02:59:21 +0000
committer: Martin Panter <vadmium+py@gmail.com> 2016-06-14 02:59:21 +0000
commit: 9ec9a6f8275f2b52dfa6119497085ee9f3e64516 (patch)
tree: f3328f7e05fa55738e642342ea711c3125dd20d9 /Lib/ctypes/test
parent: b54163104bac793a5e8e6561822ce54edb472552 (diff)
parent: 55f28b6d7dce4455f6f9230b9330b5a0285727be (diff)
download: cpython-9ec9a6f8275f2b52dfa6119497085ee9f3e64516.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/Lib/ctypes/test/test_find.py b/Lib/ctypes/test/test_find.py
index e6bc19d7dd..20c5337a8b 100644
--- a/Lib/ctypes/test/test_find.py
+++ b/Lib/ctypes/test/test_find.py
@@ -1,5 +1,5 @@
 import unittest
-import os
+import os, os.path
 import sys
 import test.support
 from ctypes import *
@@ -64,6 +64,11 @@ class Test_OpenGL_libs(unittest.TestCase):
             self.skipTest('lib_gle not available')
         self.gle.gleGetJoinStyle
 
+    def test_shell_injection(self):
+        result = find_library('; echo Hello shell > ' + test.support.TESTFN)
+        self.assertFalse(os.path.lexists(test.support.TESTFN))
+        self.assertIsNone(result)
+
 # On platforms where the default shared library suffix is '.so',
 # at least some libraries can be loaded as attributes of the cdll
 # object, since ctypes now tries loading the lib again
author	Martin Panter <vadmium+py@gmail.com>	2016-06-14 02:59:21 +0000
committer	Martin Panter <vadmium+py@gmail.com>	2016-06-14 02:59:21 +0000
commit	9ec9a6f8275f2b52dfa6119497085ee9f3e64516 (patch)
tree	f3328f7e05fa55738e642342ea711c3125dd20d9 /Lib/ctypes/test
parent	b54163104bac793a5e8e6561822ce54edb472552 (diff)
parent	55f28b6d7dce4455f6f9230b9330b5a0285727be (diff)
download	cpython-9ec9a6f8275f2b52dfa6119497085ee9f3e64516.tar.gz