[Python-checkins] gh-127208: Reject null character in _imp.create_dynamic() (#127400)

Fri, 29 Nov 2024 07:20:54 -0800 

https://github.com/python/cpython/commit/b14fdadc6c620875a20b7ccc3c9b069e85d8557a
commit: b14fdadc6c620875a20b7ccc3c9b069e85d8557a
branch: main
author: Victor Stinner <[email protected]>
committer: vstinner <[email protected]>
date: 2024-11-29T16:20:38+01:00
summary:

gh-127208: Reject null character in _imp.create_dynamic() (#127400)

_imp.create_dynamic() now rejects embedded null characters in the
path and in the module name.

files:
M Lib/test/test_import/__init__.py
M Python/import.c

diff --git a/Lib/test/test_import/__init__.py b/Lib/test/test_import/__init__.py
index 0e39998ebb3783..c52b7f3e09bea1 100644
--- a/Lib/test/test_import/__init__.py
+++ b/Lib/test/test_import/__init__.py
@@ -1133,6 +1133,19 @@ def 
test_script_shadowing_stdlib_sys_path_modification(self):
                 stdout, stderr = popen.communicate()
                 self.assertRegex(stdout, expected_error)
 
+    def test_create_dynamic_null(self):
+        with self.assertRaisesRegex(ValueError, 'embedded null character'):
+            class Spec:
+                name = "a\x00b"
+                origin = "abc"
+            _imp.create_dynamic(Spec())
+
+        with self.assertRaisesRegex(ValueError, 'embedded null character'):
+            class Spec2:
+                name = "abc"
+                origin = "a\x00b"
+            _imp.create_dynamic(Spec2())
+
 
 @skip_if_dont_write_bytecode
 class FilePermissionTests(unittest.TestCase):
diff --git a/Python/import.c b/Python/import.c
index 09fe95fa1fb647..b3c384c27718ce 100644
--- a/Python/import.c
+++ b/Python/import.c
@@ -1157,12 +1157,14 @@ del_extensions_cache_value(struct 
extensions_cache_value *value)
 static void *
 hashtable_key_from_2_strings(PyObject *str1, PyObject *str2, const char sep)
 {
-    Py_ssize_t str1_len, str2_len;
-    const char *str1_data = PyUnicode_AsUTF8AndSize(str1, &str1_len);
-    const char *str2_data = PyUnicode_AsUTF8AndSize(str2, &str2_len);
+    const char *str1_data = _PyUnicode_AsUTF8NoNUL(str1);
+    const char *str2_data = _PyUnicode_AsUTF8NoNUL(str2);
     if (str1_data == NULL || str2_data == NULL) {
         return NULL;
     }
+    Py_ssize_t str1_len = strlen(str1_data);
+    Py_ssize_t str2_len = strlen(str2_data);
+
     /* Make sure sep and the NULL byte won't cause an overflow. */
     assert(SIZE_MAX - str1_len - str2_len > 2);
     size_t size = str1_len + 1 + str2_len + 1;

_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-checkins.python.org/
Member address: [email protected]

Reply via email to