rpms / python

Clone
Source Code
GIT

Files

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f27 f7 f8 f9 main rawhide
  1.   f11
  2.   python-2.6-CVE-2008-5983.patch
Blob Blame History Raw 
diff -up Python-2.6/Doc/c-api/init.rst.CVE-2008-5983 Python-2.6/Doc/c-api/init.rst
--- Python-2.6/Doc/c-api/init.rst.CVE-2008-5983	2008-01-05 15:33:46.000000000 -0500
+++ Python-2.6/Doc/c-api/init.rst	2010-06-04 17:20:40.585131325 -0400
@@ -22,6 +22,7 @@ Initialization, Finalization, and Thread
       module: sys
       triple: module; search; path
       single: PySys_SetArgv()
+      single: PySys_SetArgvEx()
       single: Py_Finalize()
 
    Initialize the Python interpreter.  In an application embedding  Python, this
@@ -31,7 +32,7 @@ Initialization, Finalization, and Thread
    the table of loaded modules (``sys.modules``), and creates the fundamental
    modules :mod:`__builtin__`, :mod:`__main__` and :mod:`sys`.  It also initializes
    the module search path (``sys.path``). It does not set ``sys.argv``; use
-   :cfunc:`PySys_SetArgv` for that.  This is a no-op when called for a second time
+   :cfunc:`PySys_SetArgvEx` for that.  This is a no-op when called for a second time
    (without calling :cfunc:`Py_Finalize` first).  There is no return value; it is a
    fatal error if the initialization fails.
 
@@ -346,7 +347,7 @@ Initialization, Finalization, and Thread
    ``sys.version``.
 
 
-.. cfunction:: void PySys_SetArgv(int argc, char **argv)
+.. cfunction:: void PySys_SetArgvEx(int argc, char **argv, int updatepath)
 
    .. index::
       single: main()
@@ -361,9 +362,40 @@ Initialization, Finalization, and Thread
    to initialize ``sys.argv``, a fatal condition is signalled using
    :cfunc:`Py_FatalError`.
 
+   If *updatepath* is zero, this is all the function does.  If *updatepath*
+   is non-zero, the function also modifies :data:`sys.path` according to the
+   following algorithm:
+
+   - If the name of an existing script is passed in ``argv[0]``, the absolute
+     path of the directory where the script is located is prepended to
+     :data:`sys.path`.
+   - Otherwise (that is, if *argc* is 0 or ``argv[0]`` doesn't point
+     to an existing file name), an empty string is prepended to
+     :data:`sys.path`, which is the same as prepending the current working
+     directory (``"."``).
+
+   .. note::
+      It is recommended that applications embedding the Python interpreter
+      for purposes other than executing a single script pass 0 as *updatepath*,
+      and update :data:`sys.path` themselves if desired.
+      See `CVE-2008-5983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983>`_.
+
+      On versions before 2.6.6, you can achieve the same effect by manually
+      popping the first :data:`sys.path` element after having called
+      :cfunc:`PySys_SetArgv`, for example using::
+
+         PyRun_SimpleString("import sys; sys.path.pop(0)\n");
+
+   .. versionadded:: 2.6.6
+
    .. XXX impl. doesn't seem consistent in allowing 0/NULL for the params;
       check w/ Guido.
 
+.. cfunction:: void PySys_SetArgv(int argc, char **argv)
+
+   This function works like :cfunc:`PySys_SetArgv` with *updatepath* set to 1.
+
+
 
 .. _threads:
 
diff -up Python-2.6/Include/sysmodule.h.CVE-2008-5983 Python-2.6/Include/sysmodule.h
--- Python-2.6/Include/sysmodule.h.CVE-2008-5983	2008-04-12 19:44:07.000000000 -0400
+++ Python-2.6/Include/sysmodule.h	2010-06-04 17:18:41.819963896 -0400
@@ -11,6 +11,7 @@ PyAPI_FUNC(PyObject *) PySys_GetObject(c
 PyAPI_FUNC(int) PySys_SetObject(char *, PyObject *);
 PyAPI_FUNC(FILE *) PySys_GetFile(char *, FILE *);
 PyAPI_FUNC(void) PySys_SetArgv(int, char **);
+PyAPI_FUNC(void) PySys_SetArgvEx(int, char **, int);
 PyAPI_FUNC(void) PySys_SetPath(char *);
 
 PyAPI_FUNC(void) PySys_WriteStdout(const char *format, ...)
diff -up Python-2.6/Misc/NEWS.CVE-2008-5983 Python-2.6/Misc/NEWS
--- Python-2.6/Misc/NEWS.CVE-2008-5983	2008-10-01 17:46:40.000000000 -0400
+++ Python-2.6/Misc/NEWS	2010-06-04 17:18:41.820965139 -0400
@@ -149,6 +149,14 @@ C-API
 
 - Aliased PyObject_Bytes to PyObject_Str.
 
+C-API
+-----
+
+- Issue #5753: A new C API function, :cfunc:`PySys_SetArgvEx`, allows
+  embedders of the interpreter to set sys.argv without also modifying
+  sys.path.  This helps fix `CVE-2008-5983
+  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983>`_.
+
 Library
 -------
 
diff -up Python-2.6/Python/sysmodule.c.CVE-2008-5983 Python-2.6/Python/sysmodule.c
--- Python-2.6/Python/sysmodule.c.CVE-2008-5983	2010-06-04 17:18:41.778963331 -0400
+++ Python-2.6/Python/sysmodule.c	2010-06-04 17:18:41.821965213 -0400
@@ -1522,7 +1522,7 @@ makeargvobject(int argc, char **argv)
 }
 
 void
-PySys_SetArgv(int argc, char **argv)
+PySys_SetArgvEx(int argc, char **argv, int updatepath)
 {
 #ifndef HAVE_CANONICALIZE_FILE_NAME
 #if defined(HAVE_REALPATH)
@@ -1537,7 +1537,7 @@ PySys_SetArgv(int argc, char **argv)
 		Py_FatalError("no mem for sys.argv");
 	if (PySys_SetObject("argv", av) != 0)
 		Py_FatalError("can't assign sys.argv");
-	if (path != NULL) {
+	if (updatepath && path != NULL) {
 		char *argv0 = argv[0];
 		char *p = NULL;
 		Py_ssize_t n = 0;
@@ -1687,6 +1687,12 @@ PySys_SetArgv(int argc, char **argv)
 	Py_DECREF(av);
 }
 
+void
+PySys_SetArgv(int argc, char **argv)
+{
+    PySys_SetArgvEx(argc, argv, 1);
+}
+
 
 /* APIs to write to sys.stdout or sys.stderr using a printf-like interface.
    Adapted from code submitted by Just van Rossum.
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.