From 3210f304dbb65efb04a6525913a4dc1e0003fb46 Mon Sep 17 00:00:00 2001 From: cat Date: Sat, 11 Dec 2021 14:21:07 +0500 Subject: [PATCH 126/N] Fix buffer overflow in Py_GetSepW(). --- Python/pathconfig.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/Python/pathconfig.c b/Python/pathconfig.c index 222850b..7d75216 100644 --- a/Python/pathconfig.c +++ b/Python/pathconfig.c @@ -20,6 +20,30 @@ extern "C" { #include #endif +static int +Py_StartsWithA(const char * str, const char * prefix) +{ + while(*prefix) + { + if(*prefix++ != *str++) + return 0; + } + + return 1; +} + +static int +Py_StartsWithW(const wchar_t * str, const wchar_t * prefix) +{ + while(*prefix) + { + if(*prefix++ != *str++) + return 0; + } + + return 1; +} + char Py_GetSepA(const char *name) { @@ -30,7 +54,7 @@ Py_GetSepA(const char *name) * The "\\?\" prefix .. indicate that the path should be passed to the system with minimal * modification, which means that you cannot use forward slashes to represent path separators */ - if (name != NULL && memcmp(name, "\\\\?\\", sizeof("\\\\?\\") - sizeof(char)) == 0) + if (name != NULL && Py_StartsWithA(name, "\\\\?\\") != 0) { return '\\'; } @@ -82,7 +106,7 @@ Py_GetSepW(const wchar_t *name) * The "\\?\" prefix .. indicate that the path should be passed to the system with minimal * modification, which means that you cannot use forward slashes to represent path separators */ - if (name != NULL && memcmp(name, L"\\\\?\\", sizeof(L"\\\\?\\") - sizeof(wchar_t)) == 0) + if (name != NULL && Py_StartsWithW(name, L"\\\\?\\") != 0) { return L'\\'; } -- 2.34.1