From 60a60677093e2792439c9e34debe6d55feead63f Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@cheimes.de>
Date: Mon, 22 Jul 2013 12:53:32 +0200
Subject: Issue #15905: Fix theoretical buffer overflow in handling of
 sys.argv[0], prefix and exec_prefix if the operation system does not obey
 MAXPATHLEN.

---
 Python/sysmodule.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'Python/sysmodule.c')

diff --git a/Python/sysmodule.c b/Python/sysmodule.c
index 20bfa555b3d..edd6649ae6d 100644
--- a/Python/sysmodule.c
+++ b/Python/sysmodule.c
@@ -1856,10 +1856,11 @@ sys_update_path(int argc, wchar_t **argv)
             if (q == NULL)
                 argv0 = link; /* argv0 without path */
             else {
-                /* Must make a copy */
-                wcscpy(argv0copy, argv0);
+                /* Must make a copy, argv0copy has room for 2 * MAXPATHLEN */
+                wcsncpy(argv0copy, argv0, MAXPATHLEN);
                 q = wcsrchr(argv0copy, SEP);
-                wcscpy(q+1, link);
+                wcsncpy(q+1, link, MAXPATHLEN);
+                q[MAXPATHLEN + 1] = L'\0';
                 argv0 = argv0copy;
             }
         }
-- 
cgit v1.2.3