Modules/main.c - Issue 13703: Hash collision security issue

Delta Between Two Patch Sets: Modules/main.c

Issue 13703: Hash collision security issue

Left Patch Set: Created 1 year, 3 months ago

Right Patch Set: Created 1 year, 3 months ago

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.

Jump to:

Right: Side by side diff | Download

LEFT	RIGHT
(no file at all)
1 /* Python interpreter main program */	1 /* Python interpreter main program */

2	2

3 #include "Python.h"	3 #include "Python.h"

4 #include "osdefs.h"	4 #include "osdefs.h"

5 #include "import.h"	5 #include "import.h"

6	6

7 #include <locale.h>	7 #include <locale.h>

8	8

9 #ifdef __VMS	9 #ifdef __VMS

10 #include <unixlib.h>	10 #include <unixlib.h>

(...skipping 29 matching lines...) Expand all Loading...
40	40

41 #ifdef __cplusplus	41 #ifdef __cplusplus

42 extern "C" {	42 extern "C" {

43 #endif	43 #endif

44	44

45 /* For Py_GetArgcArgv(); set by main() */	45 /* For Py_GetArgcArgv(); set by main() */

46 static wchar_t **orig_argv;	46 static wchar_t **orig_argv;

47 static int orig_argc;	47 static int orig_argc;

48	48

49 /* command line options */	49 /* command line options */

50 #define BASE_OPTS L"bBc:dEhiJm:OsStuvVW:xX?"	50 #define BASE_OPTS L"bBc:dEhiJm:ORsStuvVW:xX?"

51	51

52 #define PROGRAM_OPTS BASE_OPTS	52 #define PROGRAM_OPTS BASE_OPTS

53	53

54 /* Short usage message (with %s for argv0) */	54 /* Short usage message (with %s for argv0) */

55 static char *usage_line =	55 static char *usage_line =

56 "usage: %ls [option] ... [-c cmd \| -m mod \| file \| -] [arg] ...\n";	56 "usage: %ls [option] ... [-c cmd \| -m mod \| file \| -] [arg] ...\n";

57	57

58 /* Long usage message, split into parts < 512 bytes */	58 /* Long usage message, split into parts < 512 bytes */

59 static char *usage_1 = "\	59 static char *usage_1 = "\

60 Options and arguments (and corresponding environment variables):\n\	60 Options and arguments (and corresponding environment variables):\n\

61 -b : issue warnings about str(bytes_instance), str(bytearray_instance)\n\	61 -b : issue warnings about str(bytes_instance), str(bytearray_instance)\n\

62 and comparing bytes/bytearray with str. (-bb: issue errors)\n\	62 and comparing bytes/bytearray with str. (-bb: issue errors)\n\

63 -B : don't write .py[co] files on import; also PYTHONDONTWRITEBYTECODE=x\n\	63 -B : don't write .py[co] files on import; also PYTHONDONTWRITEBYTECODE=x\n\

64 -c cmd : program passed in as string (terminates option list)\n\	64 -c cmd : program passed in as string (terminates option list)\n\

65 -d : debug output from parser; also PYTHONDEBUG=x\n\	65 -d : debug output from parser; also PYTHONDEBUG=x\n\

66 -E : ignore PYTHON* environment variables (such as PYTHONPATH)\n\	66 -E : ignore PYTHON* environment variables (such as PYTHONPATH)\n\

67 -h : print this help message and exit (also --help)\n\	67 -h : print this help message and exit (also --help)\n\

68 ";	68 ";

69 static char *usage_2 = "\	69 static char *usage_2 = "\

70 -i : inspect interactively after running script; forces a prompt even\n\	70 -i : inspect interactively after running script; forces a prompt even\n\

71 if stdin does not appear to be a terminal; also PYTHONINSPECT=x\n\	71 if stdin does not appear to be a terminal; also PYTHONINSPECT=x\n\

72 -m mod : run library module as a script (terminates option list)\n\	72 -m mod : run library module as a script (terminates option list)\n\

73 -O : optimize generated bytecode slightly; also PYTHONOPTIMIZE=x\n\	73 -O : optimize generated bytecode slightly; also PYTHONOPTIMIZE=x\n\

74 -OO : remove doc-strings in addition to the -O optimizations\n\	74 -OO : remove doc-strings in addition to the -O optimizations\n\

	75 -R : use a pseudo-random salt to make hash() values of various types be\n\

	76 unpredictable between separate invocations of the interpreter, as\n\

	77 a defence against denial-of-service attacks\n\

75 -s : don't add user site directory to sys.path; also PYTHONNOUSERSITE\n\	78 -s : don't add user site directory to sys.path; also PYTHONNOUSERSITE\n\

76 -S : don't imply 'import site' on initialization\n\	79 -S : don't imply 'import site' on initialization\n\

77 ";	80 ";

78 static char *usage_3 = "\	81 static char *usage_3 = "\

79 -u : unbuffered binary stdout and stderr; also PYTHONUNBUFFERED=x\n\	82 -u : unbuffered binary stdout and stderr; also PYTHONUNBUFFERED=x\n\

80 see man page for details on internal buffering relating to '-u'\n\	83 see man page for details on internal buffering relating to '-u'\n\

81 -v : verbose (trace import statements); also PYTHONVERBOSE=x\n\	84 -v : verbose (trace import statements); also PYTHONVERBOSE=x\n\

82 can be supplied multiple times to increase verbosity\n\	85 can be supplied multiple times to increase verbosity\n\

83 -V : print the Python version number and exit (also --version)\n\	86 -V : print the Python version number and exit (also --version)\n\

84 -W arg : warning control; arg is action:message:category:module:lineno\n\	87 -W arg : warning control; arg is action:message:category:module:lineno\n\

85 -x : skip first line of source, allowing use of non-Unix forms of #!cmd\n\	88 -x : skip first line of source, allowing use of non-Unix forms of #!cmd\n\

86 ";	89 ";

87 static char *usage_4 = "\	90 static char *usage_4 = "\

88 file : program read from script file\n\	91 file : program read from script file\n\

89 - : program read from stdin (default; interactive mode if a tty)\n\	92 - : program read from stdin (default; interactive mode if a tty)\n\

90 arg ...: arguments passed to program in sys.argv[1:]\n\n\	93 arg ...: arguments passed to program in sys.argv[1:]\n\n\

91 Other environment variables:\n\	94 Other environment variables:\n\

92 PYTHONSTARTUP: file executed on interactive startup (no default)\n\	95 PYTHONSTARTUP: file executed on interactive startup (no default)\n\

93 PYTHONPATH : '%c'-separated list of directories prefixed to the\n\	96 PYTHONPATH : '%c'-separated list of directories prefixed to the\n\

94 default module search path. The result is sys.path.\n\	97 default module search path. The result is sys.path.\n\

95 ";	98 ";

96 static char *usage_5 = "\	99 static char *usage_5 = "\

97 PYTHONHOME : alternate <prefix> directory (or <prefix>%c<exec_prefix>).\n\	100 PYTHONHOME : alternate <prefix> directory (or <prefix>%c<exec_prefix>).\n\

98 The default module search path uses %s.\n\	101 The default module search path uses %s.\n\

99 PYTHONCASEOK : ignore case in 'import' statements (Windows).\n\	102 PYTHONCASEOK : ignore case in 'import' statements (Windows).\n\

100 PYTHONIOENCODING: Encoding[:errors] used for stdin/stdout/stderr.\n\	103 PYTHONIOENCODING: Encoding[:errors] used for stdin/stdout/stderr.\n\

101 ";	104 ";

	105 static char *usage_6 = "\

	106 PYTHONHASHSEED: if this variable is set to ``random``, the effect is the same \n \

	107 as specifying the :option:`-R` option: a random value is used to seed the\n\

	108 hashes of str, bytes and datetime objects. It can also be set to an integer\ n\

	109 in the range [0,4294967295] to get hash values with a predictable seed.\n\

	110 ";

102	111

103 #ifndef MS_WINDOWS	112 #ifndef MS_WINDOWS

104 static FILE*	113 static FILE*

105 _wfopen(const wchar_t path, const wchar_t mode)	114 _wfopen(const wchar_t path, const wchar_t mode)

106 {	115 {

107 char cpath[PATH_MAX];	116 char cpath[PATH_MAX];

108 char cmode[10];	117 char cmode[10];

109 size_t r;	118 size_t r;

110 r = wcstombs(cpath, path, PATH_MAX);	119 r = wcstombs(cpath, path, PATH_MAX);

111 if (r == (size_t)-1 \|\| r >= PATH_MAX) {	120 if (r == (size_t)-1 \|\| r >= PATH_MAX) {

(...skipping 17 matching lines...) Expand all Loading...
129	138

130 fprintf(f, usage_line, program);	139 fprintf(f, usage_line, program);

131 if (exitcode)	140 if (exitcode)

132 fprintf(f, "Try `python -h' for more information.\n");	141 fprintf(f, "Try `python -h' for more information.\n");

133 else {	142 else {

134 fputs(usage_1, f);	143 fputs(usage_1, f);

135 fputs(usage_2, f);	144 fputs(usage_2, f);

136 fputs(usage_3, f);	145 fputs(usage_3, f);

137 fprintf(f, usage_4, DELIM);	146 fprintf(f, usage_4, DELIM);

138 fprintf(f, usage_5, DELIM, PYTHONHOMEHELP);	147 fprintf(f, usage_5, DELIM, PYTHONHOMEHELP);

	148 fputs(usage_6, f);

139 }	149 }

140 #if defined(__VMS)	150 #if defined(__VMS)

141 if (exitcode == 0) {	151 if (exitcode == 0) {

142 /* suppress 'error' message */	152 /* suppress 'error' message */

143 return 1;	153 return 1;

144 }	154 }

145 else {	155 else {

146 /* STS$M_INHIB_MSG + SS$_ABORT */	156 /* STS$M_INHIB_MSG + SS$_ABORT */

147 return 0x1000002c;	157 return 0x1000002c;

148 }	158 }

(...skipping 215 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
364 case '?':	374 case '?':

365 help++;	375 help++;

366 break;	376 break;

367	377

368 case 'V':	378 case 'V':

369 version++;	379 version++;

370 break;	380 break;

371	381

372 case 'W':	382 case 'W':

373 PySys_AddWarnOption(_PyOS_optarg);	383 PySys_AddWarnOption(_PyOS_optarg);

	384 break;

	385

	386 case 'R':

	387 Py_HashRandomizationFlag++;

374 break;	388 break;

375	389

376 /* This space reserved for other options */	390 /* This space reserved for other options */

377	391

378 default:	392 default:

379 return usage(2, argv[0]);	393 return usage(2, argv[0]);

380 /NOTREACHED/	394 /NOTREACHED/

381	395

382 }	396 }

383 }	397 }

(...skipping 274 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
658 void	672 void

659 Py_GetArgcArgv(int argc, wchar_t **argv)	673 Py_GetArgcArgv(int argc, wchar_t **argv)

660 {	674 {

661 *argc = orig_argc;	675 *argc = orig_argc;

662 *argv = orig_argv;	676 *argv = orig_argv;

663 }	677 }

664	678

665 #ifdef __cplusplus	679 #ifdef __cplusplus

666 }	680 }

667 #endif	681 #endif

LEFT	RIGHT