[pywin32-checkins] pywin32/win32/src win32helpmodule.cpp,1.2,1.3
OLD project page for the Python extensions for Windows
Brought to you by:
mhammond
Menu
▾
▴
[pywin32-checkins] pywin32/win32/src win32helpmodule.cpp,1.2,1.3
|
From: Mark H. <mha...@us...> - 2004-10-01 00:12:17
|
Update of /cvsroot/pywin32/pywin32/win32/src In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv32517 Modified Files: win32helpmodule.cpp Log Message: Passing a long string to the underlying Win32 HtmlHelp() function causes a win32 exception (on win2k at least). Limit the string to MAX_PATH, raising a ValueError if too long. Index: win32helpmodule.cpp =================================================================== RCS file: /cvsroot/pywin32/pywin32/win32/src/win32helpmodule.cpp,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** win32helpmodule.cpp 9 Feb 2001 07:35:57 -0000 1.2 --- win32helpmodule.cpp 1 Oct 2004 00:11:56 -0000 1.3 *************** *** 2403,2406 **** --- 2403,2412 ---- if (PyString_Check(fileOb)) { + /* The API function will crash with a huge filename, and that could + open an exploit hole */ + if (PyString_Size(fileOb) >= _MAX_PATH) + return PyErr_Format(PyExc_ValueError, + "string of length %d is too large for this function", + PyString_Size(fileOb) ); file = PyString_AsString(fileOb); } else if (fileOb == Py_None) { |
