
Commit 52a14c3

committed
[Bug #1200134] Fix buffer overflow by constraining size of .getstr(), .instr() to size of allocated buffer
1 parent 4aef245 commit 52a14c3

1 file changed

Lines changed: 13 additions & 9 deletions


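--- a/Modules/_cursesmodule.c
+++ b/Modules/_cursesmodule.c
@@ -162,6 +162,10 @@ static int initialisedcolors = FALSE;
 "must call start_color() first"); \
 return 0; }
 
+#ifndef MIN
+#define MIN(x,y) ((x) < (y) ? (x) : (y))
+#endif
+
 /* Utility Functions */
 
 /*
@@ -801,21 +805,21 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args)
 switch (PyTuple_Size(args)) {
 case 0:
 Py_BEGIN_ALLOW_THREADS
-rtn2 = wgetstr(self->win,rtn);
+rtn2 = wgetnstr(self->win,rtn, 1023);
 Py_END_ALLOW_THREADS
 break;
 case 1:
 if (!PyArg_ParseTuple(args,"i;n", &n))
 return NULL;
 Py_BEGIN_ALLOW_THREADS
-rtn2 = wgetnstr(self->win,rtn,n);
+rtn2 = wgetnstr(self->win,rtn,MIN(n, 1023));
 Py_END_ALLOW_THREADS
 break;
 case 2:
 if (!PyArg_ParseTuple(args,"ii;y,x",&y,&x))
 return NULL;
 Py_BEGIN_ALLOW_THREADS
-rtn2 = mvwgetstr(self->win,y,x,rtn);
+rtn2 = mvwgetnstr(self->win,y,x,rtn, 1023);
 Py_END_ALLOW_THREADS
 break;
 case 3:
@@ -825,11 +829,11 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args)
 /* Untested */
 Py_BEGIN_ALLOW_THREADS
 rtn2 = wmove(self->win,y,x)==ERR ? ERR :
-wgetnstr(self->win, rtn, n);
+wgetnstr(self->win, rtn, MIN(n, 1023));
 Py_END_ALLOW_THREADS
 #else
 Py_BEGIN_ALLOW_THREADS
-rtn2 = mvwgetnstr(self->win, y, x, rtn, n);
+rtn2 = mvwgetnstr(self->win, y, x, rtn, MIN(n, 1023));
 Py_END_ALLOW_THREADS
 #endif
 break;
@@ -962,22 +966,22 @@ PyCursesWindow_InStr(PyCursesWindowObject *self, PyObject *args)
 
 switch (PyTuple_Size(args)) {
 case 0:
-rtn2 = winstr(self->win,rtn);
+rtn2 = winnstr(self->win,rtn, 1023);
 break;
 case 1:
 if (!PyArg_ParseTuple(args,"i;n", &n))
 return NULL;
-rtn2 = winnstr(self->win,rtn,n);
+rtn2 = winnstr(self->win,rtn,MIN(n,1023));
 break;
 case 2:
 if (!PyArg_ParseTuple(args,"ii;y,x",&y,&x))
 return NULL;
-rtn2 = mvwinstr(self->win,y,x,rtn);
+rtn2 = mvwinnstr(self->win,y,x,rtn,1023);
 break;
 case 3:
 if (!PyArg_ParseTuple(args, "iii;y,x,n", &y, &x, &n))
 return NULL;
-rtn2 = mvwinnstr(self->win, y, x, rtn, n);
+rtn2 = mvwinnstr(self->win, y, x, rtn, MIN(n,1023));
 break;
 default:
 PyErr_SetString(PyExc_TypeError, "instr requires 0 or 3 arguments");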
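Review bot: The clamp `MIN(n, 1023)` in the one- and three-argument cases of PyCursesWindow_GetStr and PyCursesWindow_InStr bounds n only from above; where the parse is visible, n is read with the signed `i` format, so a negative value passes through unchanged to wgetnstr/mvwgetnstr/winnstr/mvwinnstr. Some curses implementations treat a negative count as "no limit" (worth confirming for the libraries this module supports), which would leave the write into rtn unbounded on that path. Rejecting the value before the call closes it: `if (n < 0) { PyErr_SetString(PyExc_ValueError, "n must be nonnegative"); return NULL; }`. The literal 1023 is also repeated at every call site; if rtn is a fixed-size array (its declaration is outside these hunks), `sizeof(rtn) - 1` would keep the bound tied to the buffer. Both function bodies start and end outside the hunks shown.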
