bpo-33001: Minimal fix to prevent buffer overrun in os.symlink by zooba ยท Pull Request #5989 ยท python/cpython
Conversation
zooba
changed the title
Minimal fix to prevent buffer overrun in os.symlink
bpo-33001: Minimal fix to prevent buffer overrun in os.symlink
| # overflow dest with relative src | ||
| (segment, path), | ||
| # overflow dest when appending '\\' for join | ||
| (segment, path[:261]), |
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FWIW, this won't overflow when appending \\ because:
len(path[:261])>MAX_PATH - 1, so it'll overflow in the very beginning of_check_dirW- even if len was equal to
MAX_PATH - 1,_dirnameWwould be applied first, making it shorter.
Thanks @zooba for the PR ๐ฎ๐.. I'm working now to backport this PR to: 3.7.
๐๐โ๐ค
zooba
deleted the
symlink-bug
branch
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request
Mar 5, 2018
(cherry picked from commit 6921e73) Co-authored-by: Steve Dower <steve.dower@microsoft.com>
miss-islington added a commit that referenced this pull request
Mar 5, 2018
(cherry picked from commit 6921e73) Co-authored-by: Steve Dower <steve.dower@microsoft.com>
larryhastings pushed a commit that referenced this pull request
May 14, 2018
* bpo-33001: Minimal fix to prevent buffer overrun in os.symlink * Skips test to avoid crashing during the test suite * Remove invalid test
larryhastings pushed a commit that referenced this pull request
May 14, 2018
* bpo-33001: Minimal fix to prevent buffer overrun in os.symlink * Remove invalid test
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters