pywin32-checkins

[Roger U. <ru...@us...>]

Update of /cvsroot/pywin32/pywin32/com/win32com/src/extensions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26516/com/win32com/src/extensions

Modified Files:
	PyGStream.cpp 
Log Message:
Fix a buffer overflow and possible crash

Index: PyGStream.cpp
===================================================================
RCS file: /cvsroot/pywin32/pywin32/com/win32com/src/extensions/PyGStream.cpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** PyGStream.cpp	2 Jul 2007 01:29:51 -0000	1.4
--- PyGStream.cpp	3 Jul 2007 21:00:46 -0000	1.5
***************
*** 19,34 ****
  
  	hr = E_FAIL;
! 	int len = PyObject_Length(result);
! 	if ( len != -1 )
! 	{
! 		const char *s = PyString_AsString(result);
! 		if ( s != NULL )
! 		{
! 			memcpy(pv, s, len);
! 			if ( pcbRead != NULL )
! 				*pcbRead = len;
  			hr = S_OK;
  		}
- 	}
  
  	Py_DECREF(result);
--- 19,34 ----
  
  	hr = E_FAIL;
! 	VOID *buf=NULL;
! 	DWORD resultlen;
! 	if (PyWinObject_AsReadBuffer(result, &buf, &resultlen, FALSE)){
! 		if (resultlen > cb)
! 			PyErr_SetString(PyExc_ValueError,"Returned data longer than requested");
! 		else{
! 			memcpy(pv, buf, resultlen);
! 			if (pcbRead)
! 				*pcbRead = resultlen;
  			hr = S_OK;
+ 			}
  		}
  
  	Py_DECREF(result);
***************
*** 68,82 ****
  {
  	PY_GATEWAY_METHOD;
- 	PyObject *obdlibMove = PyWinObject_FromLARGE_INTEGER(dlibMove);
  	PyObject *result;
! 	HRESULT hr=InvokeViaPolicy("Seek", &result, "Oi", obdlibMove, dwOrigin);
! 	Py_XDECREF(obdlibMove);
  	if (FAILED(hr)) return hr;
  	// Process the Python results, and convert back to the real params
! 	PyObject *obplibNewPosition;
! 	if (!PyArg_Parse(result, "O" , &obplibNewPosition)) return PyCom_HandlePythonFailureToCOM(/*pexcepinfo*/);
! 	BOOL bPythonIsHappy = TRUE;
! 	if (!PyWinObject_AsULARGE_INTEGER(obplibNewPosition, plibNewPosition)) bPythonIsHappy = FALSE;
! 	if (!bPythonIsHappy) hr = MAKE_PYCOM_GATEWAY_FAILURE_CODE("Seek");
  	Py_DECREF(result);
  	return hr;
--- 68,81 ----
  {
  	PY_GATEWAY_METHOD;
  	PyObject *result;
! 	HRESULT hr=InvokeViaPolicy("Seek", &result, "Lk", dlibMove.QuadPart, dwOrigin);
  	if (FAILED(hr)) return hr;
  	// Process the Python results, and convert back to the real params
! 	// Callers may pass NULL for result position if they don't require the result
! 	ULARGE_INTEGER new_pos;
! 	if (!PyWinObject_AsULARGE_INTEGER(result, &new_pos))
! 		hr = MAKE_PYCOM_GATEWAY_FAILURE_CODE("Seek");
! 	else if (plibNewPosition)
! 		*plibNewPosition=new_pos;
  	Py_DECREF(result);
  	return hr;