Update of /cvsroot/pywin32/pywin32/win32/src
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv32517
Modified Files:
win32helpmodule.cpp
Log Message:
Passing a long string to the underlying Win32 HtmlHelp() function causes
a win32 exception (on win2k at least). Limit the string to MAX_PATH,
raising a ValueError if too long.
Index: win32helpmodule.cpp
===================================================================
RCS file: /cvsroot/pywin32/pywin32/win32/src/win32helpmodule.cpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** win32helpmodule.cpp 9 Feb 2001 07:35:57 -0000 1.2
--- win32helpmodule.cpp 1 Oct 2004 00:11:56 -0000 1.3
***************
*** 2403,2406 ****
--- 2403,2412 ----
if (PyString_Check(fileOb)) {
+ /* The API function will crash with a huge filename, and that could
+ open an exploit hole */
+ if (PyString_Size(fileOb) >= _MAX_PATH)
+ return PyErr_Format(PyExc_ValueError,
+ "string of length %d is too large for this function",
+ PyString_Size(fileOb) );
file = PyString_AsString(fileOb);
} else if (fileOb == Py_None) {
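Review bot: The ValueError raised in the `PyString_Check(fileOb)` branch reports the offending length but not the limit, so a caller cannot tell what size is acceptable; consider adding `_MAX_PATH` to the `PyErr_Format` message. The log message says the string is limited to MAX_PATH, while the `>=` comparison also rejects a string of exactly `_MAX_PATH` characters. That is the safer bound if the limit has to leave room for the terminating NUL, and a one-line comment saying so would keep it from being changed to `>` later. The guard sits only on the string branch visible in this hunk, so any other conversion path for `fileOb` elsewhere in the function would need the same bound before the value reaches HtmlHelp().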