From: Serhiy Storchaka Date: Thu, 9 Nov 2017 21:05:59 +0000 (+0200) Subject: [2.7] bpo-31927: Fix reading arbitrary data when parse a AF_BLUETOOTH address (GH... X-Git-Tag: v2.7.15rc1~128 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1bce4efdb4624561adce62e544dbe20ec2627ae2;p=python [2.7] bpo-31927: Fix reading arbitrary data when parse a AF_BLUETOOTH address (GH-4235) (GH-4352) (#4355) on NetBSD and DragonFly BSD. (cherry picked from commit d3187158c09cf899e9849f335bdff10594209167). (cherry picked from commit 596286f8f3c8e53ef010d6298464775dc900a515) --- diff --git a/Misc/NEWS.d/next/Library/2017-11-02-18-26-40.bpo-31927.40K6kp.rst b/Misc/NEWS.d/next/Library/2017-11-02-18-26-40.bpo-31927.40K6kp.rst new file mode 100644 index 0000000000..3354eeb155 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2017-11-02-18-26-40.bpo-31927.40K6kp.rst @@ -0,0 +1,2 @@ +Fixed reading arbitrary data when parse a AF_BLUETOOTH address on NetBSD and +DragonFly BSD. diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c index 3e3c05f540..8d3670529e 100644 --- a/Modules/socketmodule.c +++ b/Modules/socketmodule.c @@ -1005,7 +1005,7 @@ makeipaddr(struct sockaddr *addr, int addrlen) an error occurred. */ static int -setbdaddr(char *name, bdaddr_t *bdaddr) +setbdaddr(const char *name, bdaddr_t *bdaddr) { unsigned int b0, b1, b2, b3, b4, b5; char ch; @@ -1062,7 +1062,7 @@ makesockaddr(int sockfd, struct sockaddr *addr, int addrlen, int proto) #ifdef __BEOS__ /* XXX: BeOS version of accept() doesn't set family correctly */ addr->sa_family = AF_INET; -#endif +#endif /* __BEOS__ */ switch (addr->sa_family) { @@ -1123,7 +1123,7 @@ makesockaddr(int sockfd, struct sockaddr *addr, int addrlen, int proto) } return ret; } -#endif +#endif /* ENABLE_IPV6 */ #ifdef USE_BLUETOOTH case AF_BLUETOOTH: @@ -1162,11 +1162,11 @@ makesockaddr(int sockfd, struct sockaddr *addr, int addrlen, int proto) struct sockaddr_hci *a = (struct sockaddr_hci *) addr; #if defined(__NetBSD__) || defined(__DragonFly__) return makebdaddr(&_BT_HCI_MEMB(a, bdaddr)); -#else +#else /* __NetBSD__ || __DragonFly__ */ PyObject *ret = NULL; ret = Py_BuildValue("i", _BT_HCI_MEMB(a, dev)); return ret; -#endif +#endif /* !(__NetBSD__ || __DragonFly__) */ } #if !defined(__FreeBSD__) @@ -1175,20 +1175,20 @@ makesockaddr(int sockfd, struct sockaddr *addr, int addrlen, int proto) struct sockaddr_sco *a = (struct sockaddr_sco *) addr; return makebdaddr(&_BT_SCO_MEMB(a, bdaddr)); } -#endif +#endif /* !__FreeBSD__ */ default: PyErr_SetString(PyExc_ValueError, "Unknown Bluetooth protocol"); return NULL; } -#endif +#endif /* USE_BLUETOOTH */ #if defined(HAVE_NETPACKET_PACKET_H) && defined(SIOCGIFNAME) case AF_PACKET: { struct sockaddr_ll *a = (struct sockaddr_ll *)addr; - char *ifname = ""; + const char *ifname = ""; struct ifreq ifr; /* need to look up interface name give index */ if (a->sll_ifindex) { @@ -1204,7 +1204,7 @@ makesockaddr(int sockfd, struct sockaddr *addr, int addrlen, int proto) a->sll_addr, a->sll_halen); } -#endif +#endif /* HAVE_NETPACKET_PACKET_H && SIOCGIFNAME */ #ifdef HAVE_LINUX_TIPC_H case AF_TIPC: @@ -1237,7 +1237,7 @@ makesockaddr(int sockfd, struct sockaddr *addr, int addrlen, int proto) return NULL; } } -#endif +#endif /* HAVE_LINUX_TIPC_H */ /* More cases here... */ @@ -1298,9 +1298,9 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, memcpy(addr->sun_path, path, len); #if defined(PYOS_OS2) *len_ret = sizeof(*addr); -#else +#else /* PYOS_OS2 */ *len_ret = len + offsetof(struct sockaddr_un, sun_path); -#endif +#endif /* !PYOS_OS2 */ return 1; } #endif /* AF_UNIX */ @@ -1327,7 +1327,7 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, *len_ret = sizeof(*addr); return 1; } -#endif +#endif /* AF_NETLINK */ case AF_INET: { @@ -1409,7 +1409,7 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, *len_ret = sizeof *addr; return 1; } -#endif +#endif /* ENABLE_IPV6 */ #ifdef USE_BLUETOOTH case AF_BLUETOOTH: @@ -1418,7 +1418,7 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, case BTPROTO_L2CAP: { struct sockaddr_l2 *addr; - char *straddr; + const char *straddr; addr = (struct sockaddr_l2 *)addr_ret; memset(addr, 0, sizeof(struct sockaddr_l2)); @@ -1438,7 +1438,7 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, case BTPROTO_RFCOMM: { struct sockaddr_rc *addr; - char *straddr; + const char *straddr; addr = (struct sockaddr_rc *)addr_ret; _BT_RC_MEMB(addr, family) = AF_BLUETOOTH; @@ -1458,24 +1458,24 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, { struct sockaddr_hci *addr = (struct sockaddr_hci *)addr_ret; #if defined(__NetBSD__) || defined(__DragonFly__) - char *straddr = PyBytes_AS_STRING(args); - - _BT_HCI_MEMB(addr, family) = AF_BLUETOOTH; - if (straddr == NULL) { - PyErr_SetString(socket_error, "getsockaddrarg: " + const char *straddr; + _BT_HCI_MEMB(addr, family) = AF_BLUETOOTH; + if (!PyBytes_Check(args)) { + PyErr_SetString(PyExc_OSError, "getsockaddrarg: " "wrong format"); return 0; } + straddr = PyBytes_AS_STRING(args); if (setbdaddr(straddr, &_BT_HCI_MEMB(addr, bdaddr)) < 0) return 0; -#else +#else /* __NetBSD__ || __DragonFly__ */ _BT_HCI_MEMB(addr, family) = AF_BLUETOOTH; if (!PyArg_ParseTuple(args, "i", &_BT_HCI_MEMB(addr, dev))) { PyErr_SetString(socket_error, "getsockaddrarg: " "wrong format"); return 0; } -#endif +#endif /* !(__NetBSD__ || __DragonFly__) */ *len_ret = sizeof *addr; return 1; } @@ -1483,7 +1483,7 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, case BTPROTO_SCO: { struct sockaddr_sco *addr; - char *straddr; + const char *straddr; addr = (struct sockaddr_sco *)addr_ret; _BT_SCO_MEMB(addr, family) = AF_BLUETOOTH; @@ -1499,20 +1499,20 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, *len_ret = sizeof *addr; return 1; } -#endif +#endif /* !__FreeBSD__ */ default: PyErr_SetString(socket_error, "getsockaddrarg: unknown Bluetooth protocol"); return 0; } } -#endif +#endif /* USE_BLUETOOTH */ #if defined(HAVE_NETPACKET_PACKET_H) && defined(SIOCGIFINDEX) case AF_PACKET: { struct sockaddr_ll* addr; struct ifreq ifr; - char *interfaceName; + const char *interfaceName; int protoNumber; int hatype = 0; int pkttype = 0; @@ -1561,7 +1561,7 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, *len_ret = sizeof *addr; return 1; } -#endif +#endif /* HAVE_NETPACKET_PACKET_H && SIOCGIFINDEX */ #ifdef HAVE_LINUX_TIPC_H case AF_TIPC: @@ -1611,7 +1611,7 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, return 1; } -#endif +#endif /* HAVE_LINUX_TIPC_H */ /* More cases here... */ @@ -1646,7 +1646,7 @@ getsockaddrlen(PySocketSockObject *s, socklen_t *len_ret) *len_ret = sizeof (struct sockaddr_nl); return 1; } -#endif +#endif /* AF_NETLINK */ case AF_INET: { @@ -1660,7 +1660,7 @@ getsockaddrlen(PySocketSockObject *s, socklen_t *len_ret) *len_ret = sizeof (struct sockaddr_in6); return 1; } -#endif +#endif /* ENABLE_IPV6 */ #ifdef USE_BLUETOOTH case AF_BLUETOOTH: @@ -1681,7 +1681,7 @@ getsockaddrlen(PySocketSockObject *s, socklen_t *len_ret) case BTPROTO_SCO: *len_ret = sizeof (struct sockaddr_sco); return 1; -#endif +#endif /* !__FreeBSD__ */ default: PyErr_SetString(socket_error, "getsockaddrlen: " "unknown BT protocol"); @@ -1689,7 +1689,7 @@ getsockaddrlen(PySocketSockObject *s, socklen_t *len_ret) } } -#endif +#endif /* USE_BLUETOOTH */ #ifdef HAVE_NETPACKET_PACKET_H case AF_PACKET: @@ -1697,7 +1697,7 @@ getsockaddrlen(PySocketSockObject *s, socklen_t *len_ret) *len_ret = sizeof (struct sockaddr_ll); return 1; } -#endif +#endif /* HAVE_NETPACKET_PACKET_H */ #ifdef HAVE_LINUX_TIPC_H case AF_TIPC: @@ -1705,7 +1705,7 @@ getsockaddrlen(PySocketSockObject *s, socklen_t *len_ret) *len_ret = sizeof (struct sockaddr_tipc); return 1; } -#endif +#endif /* HAVE_LINUX_TIPC_H */ /* More cases here... */ @@ -3554,7 +3554,7 @@ socket_gethostbyaddr(PyObject *self, PyObject *args) int result; #endif #endif /* HAVE_GETHOSTBYNAME_R */ - char *ap; + const char *ap; int al; int af; @@ -3623,7 +3623,7 @@ for a host. The host argument is a string giving a host name or IP number."); static PyObject * socket_getservbyname(PyObject *self, PyObject *args) { - char *name, *proto=NULL; + const char *name, *proto=NULL; struct servent *sp; if (!PyArg_ParseTuple(args, "s|s:getservbyname", &name, &proto)) return NULL; @@ -3654,7 +3654,7 @@ static PyObject * socket_getservbyport(PyObject *self, PyObject *args) { int port; - char *proto=NULL; + const char *proto=NULL; struct servent *sp; if (!PyArg_ParseTuple(args, "i|s:getservbyport", &port, &proto)) return NULL; @@ -3689,7 +3689,7 @@ otherwise any protocol will match."); static PyObject * socket_getprotobyname(PyObject *self, PyObject *args) { - char *name; + const char *name; struct protoent *sp; #ifdef __BEOS__ /* Not available in BeOS yet. - [cjh] */ @@ -3964,7 +3964,7 @@ socket_inet_aton(PyObject *self, PyObject *args) /* Have to use inet_addr() instead */ unsigned int packed_addr; #endif - char *ip_addr; + const char *ip_addr; if (!PyArg_ParseTuple(args, "s:inet_aton", &ip_addr)) return NULL; @@ -4054,7 +4054,7 @@ static PyObject * socket_inet_pton(PyObject *self, PyObject *args) { int af; - char* ip; + const char* ip; int retval; #ifdef ENABLE_IPV6 char packed[MAX(sizeof(struct in_addr), sizeof(struct in6_addr))]; @@ -4280,7 +4280,7 @@ socket_getnameinfo(PyObject *self, PyObject *args) { PyObject *sa = (PyObject *)NULL; int flags; - char *hostp; + const char *hostp; int port; unsigned int flowinfo, scope_id; char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];