➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2010-07-08 03:06 by stutzbach, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 12687 | merged | ZackerySpytz, 2019-04-04 15:03 | |
| PR 12909 | merged | miss-islington, 2019-04-22 17:01 | |
| PR 12910 | merged | miss-islington, 2019-04-22 17:02 | |
| PR 12916 | merged | ZackerySpytz, 2019-04-22 23:24 | |
| Messages (11) | |||
|---|---|---|---|
| msg109511 - (view) | Author: Daniel Stutzbach (stutzbach)  |
Date: 2010-07-08 03:06 | |
The comment before fixupMultiSZ and countString states:
** Note that fixupMultiSZ and countString have both had changes
** made to support "incorrect strings". The registry specification
** calls for strings to be terminated with 2 null bytes. It seems
** some commercial packages install strings which don't conform,
** causing this code to fail - however, "regedit" etc still work
** with these strings (ie only we don't!).
As indicated in the comments, the two functions dutifully check the supplied length parameter and do not trust the data to be in the correct format.
... except for the inner loop in fixupMultiSZ, which reads:
for(; *P != '\0'; P++)
;
It should be the same as the inner loop of countStrings:
for (; P < Q && *P != '\0'; P++)
;
|
|||
| msg219901 - (view) | Author: Mark Lawrence (BreamoreBoy) * | Date: 2014-06-06 21:48 | |
@Tim is this something that you can comment on? |
|||
| msg221201 - (view) | Author: Mark Lawrence (BreamoreBoy) * | Date: 2014-06-21 20:45 | |
@Steve/Zach FYI. |
|||
| msg339447 - (view) | Author: Zackery Spytz (ZackerySpytz) *  |
Date: 2019-04-04 15:11 | |
I've created a PR for this issue. |
|||
| msg339465 - (view) | Author: Eryk Sun (eryksun) * |
Date: 2019-04-04 21:46 | |
There's still a potential problem when Reg2Py calls wcslen(str[index]). This could be addressed by having fixupMultiSZ take an int array to store the length of each string. For example:
static void
fixupMultiSZ(wchar_t **strings, int *lengths, wchar_t *data, int len)
{
wchar_t *P, *Q = data + len;
int i;
for (P = data, i = 0; P < Q && *P; P++, i++) {
strings[i] = P;
lengths[i] = 0;
for (; P < Q && *P; P++) {
lengths[i]++;
}
}
}
We'd have to allocate the lengths array in Reg2Py, like we do for the strings array. Also, we can remove the overflow error check prior to PyUnicode_FromWideChar. The longest possible length is `retDataSize / 2`, which occurs if a single string is stored without any null terminators.
|
|||
| msg340659 - (view) | Author: Steve Dower (steve.dower) * |
Date: 2019-04-22 17:01 | |
New changeset 56ed86490cb8221c874d432461d77702437f63e5 by Steve Dower (Zackery Spytz) in branch 'master': bpo-9194: Fix the bounds checking in winreg.c's fixupMultiSZ() (GH-12687) https://github.com/python/cpython/commit/56ed86490cb8221c874d432461d77702437f63e5 |
|||
| msg340660 - (view) | Author: Steve Dower (steve.dower) * |
Date: 2019-04-22 17:07 | |
Thanks Zackery! I've merged this main part of the fix (though it requires a manual backport to 2.7). As it's a buffer overrun, I've sent it back to 3.6 as well. Eryk - thanks for the additional detail. I wonder whether it would be just as easy to guarantee an over-allocation in this case and force a null terminator? (In fact, that would probably have handled the same case that Zackery just fixed, but we didn't have a patch ready for that approach) |
|||
| msg340663 - (view) | Author: miss-islington (miss-islington) | Date: 2019-04-22 17:20 | |
New changeset 7038deed09784a03e2a7bad500f0054d29876ae7 by Miss Islington (bot) in branch '3.7': bpo-9194: Fix the bounds checking in winreg.c's fixupMultiSZ() (GH-12687) https://github.com/python/cpython/commit/7038deed09784a03e2a7bad500f0054d29876ae7 |
|||
| msg340685 - (view) | Author: miss-islington (miss-islington) | Date: 2019-04-22 23:36 | |
New changeset 84efbaecaf50b771cc7a95fd9dd9602bd31de305 by Miss Islington (bot) (Zackery Spytz) in branch '2.7': [2.7] bpo-9194: Fix the bounds checking in winreg.c's fixupMultiSZ() (GH-12687) (GH-12916) https://github.com/python/cpython/commit/84efbaecaf50b771cc7a95fd9dd9602bd31de305 |
|||
| msg340686 - (view) | Author: Steve Dower (steve.dower) * |
Date: 2019-04-22 23:40 | |
Declaring this done - Ned can take the backport to 3.6 if/when he feels like it. |
|||
| msg341281 - (view) | Author: Ned Deily (ned.deily) * |
Date: 2019-05-02 16:00 | |
New changeset dadc34784444950c389c120fb16f44e5a29cc43f by Ned Deily (Miss Islington (bot)) in branch '3.6': bpo-9194: Fix the bounds checking in winreg.c's fixupMultiSZ() (GH-12687) (GH-12910) https://github.com/python/cpython/commit/dadc34784444950c389c120fb16f44e5a29cc43f |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:03 | admin | set | github: 53440 |
| 2019-05-02 16:01:10 | ned.deily | set | versions: + Python 3.6 |
| 2019-05-02 16:00:38 | ned.deily | set | nosy:
+ ned.deily messages: + msg341281 |
| 2019-04-22 23:40:53 | steve.dower | set | status: open -> closed resolution: fixed messages: + msg340686 stage: patch review -> resolved |
| 2019-04-22 23:36:00 | miss-islington | set | messages: + msg340685 |
| 2019-04-22 23:24:45 | ZackerySpytz | set | stage: backport needed -> patch review pull_requests: + pull_request12842 |
| 2019-04-22 17:20:37 | miss-islington | set | nosy:
+ miss-islington messages: + msg340663 |
| 2019-04-22 17:07:12 | steve.dower | set | messages:
+ msg340660 stage: patch review -> backport needed |
| 2019-04-22 17:02:00 | miss-islington | set | pull_requests: + pull_request12837 |
| 2019-04-22 17:01:54 | miss-islington | set | pull_requests: + pull_request12836 |
| 2019-04-22 17:01:49 | steve.dower | set | messages: + msg340659 |
| 2019-04-04 21:46:51 | eryksun | set | messages: + msg339465 |
| 2019-04-04 15:11:56 | ZackerySpytz | set | nosy:
+ eryksun, ZackerySpytz messages: + msg339447 versions: + Python 3.7, Python 3.8, - Python 3.2, Python 3.3, Python 3.4 |
| 2019-04-04 15:03:00 | ZackerySpytz | set | keywords:
+ patch stage: test needed -> patch review pull_requests: + pull_request12614 |
| 2019-03-15 23:37:49 | BreamoreBoy | set | nosy:
- BreamoreBoy |
| 2014-06-21 20:45:38 | BreamoreBoy | set | nosy:
+ zach.ware, steve.dower messages: + msg221201 |
| 2014-06-06 21:59:21 | brian.curtin | set | nosy:
- brian.curtin |
| 2014-06-06 21:48:17 | BreamoreBoy | set | nosy:
+ tim.golden, BreamoreBoy messages: + msg219901 |
| 2012-11-09 13:25:42 | ezio.melotti | set | versions: + Python 3.3, Python 3.4, - Python 2.6, Python 3.1 |
| 2010-07-08 05:19:25 | ezio.melotti | set | nosy:
+ brian.curtin type: behavior components: + Extension Modules, Windows stage: test needed |
| 2010-07-08 03:06:45 | stutzbach | create | |