Update of /cvsroot/pywin32/pywin32/win32/src
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv31689
Modified Files:
win32rasmodule.cpp
Log Message:
Avoid overflowing the RASDIALPARAMS buffers, and plug a reference leak.
Index: win32rasmodule.cpp
===================================================================
RCS file: /cvsroot/pywin32/pywin32/win32/src/win32rasmodule.cpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** win32rasmodule.cpp 7 Jul 2001 17:47:39 -0000 1.7
--- win32rasmodule.cpp 1 Oct 2004 00:07:52 -0000 1.8
***************
*** 295,316 ****
char *dest;
int size = PyObject_Length(ob);
for (int num=0;num<size;num++) {
switch (num) {
! case 0: dest = p->szEntryName; break;
! case 1: dest = p->szPhoneNumber; break;
! case 2: dest = p->szCallbackNumber; break;
! case 3: dest = p->szUserName; break;
! case 4: dest = p->szPassword; break;
! case 5: dest = p->szDomain; break;
default:
SetError("The RasDialParams sequence length must be less than 6", fnName);
return FALSE;
}
! char *src = PyString_AsString(PySequence_GetItem(ob, num));
! if (src==NULL) {
SetError("The RasDialParams sequence is invalid - must be a tuple of strings.", fnName);
return FALSE;
}
! strcpy(dest, src);
}
return TRUE;
--- 295,328 ----
char *dest;
int size = PyObject_Length(ob);
+ int dest_size;
for (int num=0;num<size;num++) {
switch (num) {
! #define GET_BUF_AND_SIZE(name) dest=p->name;dest_size=sizeof(p->name)/sizeof(p->name[0])
! case 0: GET_BUF_AND_SIZE(szEntryName); break;
! case 1: GET_BUF_AND_SIZE(szPhoneNumber); break;
! case 2: GET_BUF_AND_SIZE(szCallbackNumber); break;
! case 3: GET_BUF_AND_SIZE(szUserName); break;
! case 4: GET_BUF_AND_SIZE(szPassword); break;
! case 5: GET_BUF_AND_SIZE(szDomain); break;
default:
SetError("The RasDialParams sequence length must be less than 6", fnName);
return FALSE;
}
! PyObject *sub = PySequence_GetItem(ob, num);
! if (!sub) return FALSE;
! if (!PyString_Check(sub)) {
SetError("The RasDialParams sequence is invalid - must be a tuple of strings.", fnName);
+ Py_DECREF(sub);
return FALSE;
}
! // check it fits in the dest buffer.
! if (PyString_Size(sub) >= dest_size) {
! SetError("The string is too large for the RASDIALPARAMS structure", fnName);
! Py_DECREF(sub);
! return FALSE;
! }
! // we know it fits - blindly copy.
! strcpy(dest, PyString_AS_STRING(sub));
! Py_DECREF(sub);
}
return TRUE;
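Review bot: The new bounds check `PyString_Size(sub) >= dest_size` and the `strcpy` that follows measure different lengths: the check uses the Python string's full length, while `strcpy` stops at the first NUL byte, so a value with an embedded NUL passes the check and is stored shortened without any error. That is memory-safe, but for fields such as `szPassword` a silently truncated value is worth rejecting, for example with `if (strlen(PyString_AS_STRING(sub)) != (size_t)PyString_Size(sub))` followed by its own `SetError` and `Py_DECREF(sub)`. Separately, `PyObject_Length(ob)` can return -1, in which case the loop is skipped and the function returns TRUE; whether earlier code rules that out is not visible, because the function starts outside the hunk. `GET_BUF_AND_SIZE` is also never undefined in the visible lines, so adding `#undef GET_BUF_AND_SIZE` after the switch would keep the macro from leaking into the rest of the file.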