From 60a60677093e2792439c9e34debe6d55feead63f Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Mon, 22 Jul 2013 12:53:32 +0200
Subject: Issue #15905: Fix theoretical buffer overflow in handling of sys.argv[0], prefix and exec_prefix if the operation system does not obey MAXPATHLEN.
---
 Python/sysmodule.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'Python/sysmodule.c')
diff --git a/Python/sysmodule.c b/Python/sysmodule.c
index 20bfa555b3d..edd6649ae6d 100644
--- a/Python/sysmodule.c
+++ b/Python/sysmodule.c
@@ -1856,10 +1856,11 @@ sys_update_path(int argc, wchar_t **argv)
 if (q == NULL)
 argv0 = link; /* argv0 without path */
 else {
- /* Must make a copy */
- wcscpy(argv0copy, argv0);
+ /* Must make a copy, argv0copy has room for 2 * MAXPATHLEN */
+ wcsncpy(argv0copy, argv0, MAXPATHLEN);
 q = wcsrchr(argv0copy, SEP);
- wcscpy(q+1, link);
+ wcsncpy(q+1, link, MAXPATHLEN);
+ q[MAXPATHLEN + 1] = L'\0';
 argv0 = argv0copy;
 }
 }
--
cgit v1.2.3
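Review bot: The added `wcsncpy(argv0copy, argv0, MAXPATHLEN)` leaves `argv0copy` unterminated when `argv0` holds MAXPATHLEN or more characters, so the `wcsrchr(argv0copy, SEP)` on the next line can scan past the copied data. If the last separator lay beyond the truncation point, `q` may also come back NULL, and it is then used unchecked in `wcsncpy(q+1, link, MAXPATHLEN)`. I would add `argv0copy[MAXPATHLEN] = L'\0';` right after the first copy and test `q != NULL` before writing through it. The declaration of `argv0copy` is outside the hunk, so the `q[MAXPATHLEN + 1] = L'\0'` store is in bounds only if the array really has 2 * MAXPATHLEN + 1 elements, as the new comment suggests; that is worth confirming. The body of sys_update_path starts and ends outside this hunk.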