Merged revisions 83407 via svnmerge from

svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r83407 | brian.curtin | 2010-08-01 10:26:26 -0500 (Sun, 01 Aug 2010) | 3 lines

  Fix #8105. Add validation to mmap.mmap so invalid file descriptors
  don't cause a crash on Windows.
........

diff --git a/Lib/test/test_mmap.py b/Lib/test/test_mmap.py
index 14dd27801585c1a70bc7906d84a9b5c29a530b79..a3998e2e5f672a5e817851d071c1071712347dd1 100644 (file)
--- a/Lib/test/test_mmap.py
+++ b/Lib/test/test_mmap.py
@@ -1,6 +1,6 @@
 from test.test_support import TESTFN, run_unittest, import_module
 import unittest
-import os, re, itertools
+import os, re, itertools, socket
 
 mmap = import_module('mmap')
 
@@ -586,6 +586,16 @@ class MmapTests(unittest.TestCase):
                 pass
             m.close()
 
+        def test_invalid_descriptor(self):
+            # socket file descriptors are valid, but out of range
+            # for _get_osfhandle, causing a crash when validating the
+            # parameters to _get_osfhandle.
+            s = socket.socket()
+            try:
+                with self.assertRaises(mmap.error):
+                    m = mmap.mmap(s.fileno(), 10)
+            finally:
+                s.close()
 
 def test_main():
     run_unittest(MmapTests)

diff --git a/Misc/NEWS b/Misc/NEWS
index 2c3e7293a1394ad402a7181d306e794ee4c7f227..713e42293e53fd02e79bd2d92c9cb3ba3a6a0dc9 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -76,6 +76,8 @@ Library
 Extension Modules
 -----------------
 
+- Issue #8105: Validate file descriptor passed to mmap.mmap on Windows.
+
 - Issue #1019882: Fix IndexError when loading certain hotshot stats.
 
 - Issue #9422: Fix memory leak when re-initializing a struct.Struct object.

diff --git a/Modules/mmapmodule.c b/Modules/mmapmodule.c
index 1acd1d82e03e813c2112cfc28b4d1a2346d76c27..b53aae1341f57ae1516dc0f5e7e6b3e79e262445 100644 (file)
--- a/Modules/mmapmodule.c
+++ b/Modules/mmapmodule.c
@@ -1280,6 +1280,11 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
                    "don't use 0 for anonymous memory");
      */
     if (fileno != -1 && fileno != 0) {
+        /* Ensure that fileno is within the CRT's valid range */
+        if (_PyVerify_fd(fileno) == 0) {
+            PyErr_SetFromErrno(mmap_module_error);
+            return NULL;
+        }
         fh = (HANDLE)_get_osfhandle(fileno);
         if (fh==(HANDLE)-1) {
             PyErr_SetFromErrno(mmap_module_error);