[pywin32-checkins] pywin32/win32/src win32rasmodule.cpp,1.7,1.8
From: Mark H. <mha...@us...> - 2004-10-01 00:08:11
Update of /cvsroot/pywin32/pywin32/win32/src In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv31689 Modified Files: win32rasmodule.cpp Log Message: Avoid overflowing the RASDIALPARAMS buffers, and plug a reference leak. Index: win32rasmodule.cpp =================================================================== RCS file: /cvsroot/pywin32/pywin32/win32/src/win32rasmodule.cpp,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** win32rasmodule.cpp 7 Jul 2001 17:47:39 -0000 1.7 --- win32rasmodule.cpp 1 Oct 2004 00:07:52 -0000 1.8 *************** *** 295,316 **** char *dest; int size = PyObject_Length(ob); for (int num=0;num<size;num++) { switch (num) { ! case 0: dest = p->szEntryName; break; ! case 1: dest = p->szPhoneNumber; break; ! case 2: dest = p->szCallbackNumber; break; ! case 3: dest = p->szUserName; break; ! case 4: dest = p->szPassword; break; ! case 5: dest = p->szDomain; break; default: SetError("The RasDialParams sequence length must be less than 6", fnName); return FALSE; } ! char *src = PyString_AsString(PySequence_GetItem(ob, num)); ! if (src==NULL) { SetError("The RasDialParams sequence is invalid - must be a tuple of strings.", fnName); return FALSE; } ! strcpy(dest, src); } return TRUE; --- 295,328 ---- char *dest; int size = PyObject_Length(ob); + int dest_size; for (int num=0;num<size;num++) { switch (num) { ! #define GET_BUF_AND_SIZE(name) dest=p->name;dest_size=sizeof(p->name)/sizeof(p->name[0]) ! case 0: GET_BUF_AND_SIZE(szEntryName); break; ! case 1: GET_BUF_AND_SIZE(szPhoneNumber); break; ! case 2: GET_BUF_AND_SIZE(szCallbackNumber); break; ! case 3: GET_BUF_AND_SIZE(szUserName); break; ! case 4: GET_BUF_AND_SIZE(szPassword); break; ! case 5: GET_BUF_AND_SIZE(szDomain); break; default: SetError("The RasDialParams sequence length must be less than 6", fnName); return FALSE; } ! PyObject *sub = PySequence_GetItem(ob, num); ! if (!sub) return FALSE; ! 
if (!PyString_Check(sub)) { SetError("The RasDialParams sequence is invalid - must be a tuple of strings.", fnName); + Py_DECREF(sub); return FALSE; } ! // check it fits in the dest buffer. ! if (PyString_Size(sub) >= dest_size) { ! SetError("The string is too large for the RASDIALPARAMS structure", fnName); ! Py_DECREF(sub); ! return FALSE; ! } ! // we know it fits - blindly copy. ! strcpy(dest, PyString_AS_STRING(sub)); ! Py_DECREF(sub); } return TRUE; |
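Review bot: The unchanged line `int size = PyObject_Length(ob);` still drives the loop, and its result is never checked for the -1 that PyObject_Length returns on failure. Unless `ob` is validated as a sequence before the hunk (the function starts outside it, so this is not visible), a failing length call skips the loop and falls through to `return TRUE` with a Python exception pending and none of the RASDIALPARAMS fields filled. Adding `if (size < 0) return FALSE;` directly after the call would close that path. Separately, `GET_BUF_AND_SIZE` is defined inside the switch and never removed, so a `#undef GET_BUF_AND_SIZE` after the closing brace of the switch would keep the macro from leaking into the rest of the file.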