Issue #15905: Fix theoretical buffer overflow in handling of sys.argv[0],

prefix and exec_prefix if the operation system does not obey MAXPATHLEN.
author: Christian Heimes <christian@cheimes.de> 2013-07-22 12:53:32 +0200
committer: Christian Heimes <christian@cheimes.de> 2013-07-22 12:53:32 +0200
commit: b1ad408098529bbadd56ecae29ea873d734c618a (patch)
tree: e59dc65003562c55bd6ab5bf0081441a1cc2b155 /Python/sysmodule.c
parent: d6b5909b8322668360b0f61db7ce77b1b1f4981b (diff)
download: cpython-b1ad408098529bbadd56ecae29ea873d734c618a.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/Python/sysmodule.c b/Python/sysmodule.c
index 20bfa555b3..edd6649ae6 100644
--- a/Python/sysmodule.c
+++ b/Python/sysmodule.c
@@ -1856,10 +1856,11 @@ sys_update_path(int argc, wchar_t **argv)
             if (q == NULL)
                 argv0 = link; /* argv0 without path */
             else {
-                /* Must make a copy */
-                wcscpy(argv0copy, argv0);
+                /* Must make a copy, argv0copy has room for 2 * MAXPATHLEN */
+                wcsncpy(argv0copy, argv0, MAXPATHLEN);
                 q = wcsrchr(argv0copy, SEP);
-                wcscpy(q+1, link);
+                wcsncpy(q+1, link, MAXPATHLEN);
+                q[MAXPATHLEN + 1] = L'\0';
                 argv0 = argv0copy;
             }
         }
author	Christian Heimes <christian@cheimes.de>	2013-07-22 12:53:32 +0200
committer	Christian Heimes <christian@cheimes.de>	2013-07-22 12:53:32 +0200
commit	b1ad408098529bbadd56ecae29ea873d734c618a (patch)
tree	e59dc65003562c55bd6ab5bf0081441a1cc2b155 /Python/sysmodule.c
parent	d6b5909b8322668360b0f61db7ce77b1b1f4981b (diff)
download	cpython-b1ad408098529bbadd56ecae29ea873d734c618a.tar.gz