From: Brian Curtin <brian.curtin@gmail.com>
Date: Sun, 1 Aug 2010 15:47:53 +0000 (+0000)
Subject: Merged revisions 83407 via svnmerge from
X-Git-Tag: v2.7.1rc1~526
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ba6c08e67077a368c21016171446c26eef5c27d2;p=python

Merged revisions 83407 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r83407 | brian.curtin | 2010-08-01 10:26:26 -0500 (Sun, 01 Aug 2010) | 3 lines

  Fix #8105. Add validation to mmap.mmap so invalid file descriptors
  don't cause a crash on Windows.
........
---

diff --git a/Lib/test/test_mmap.py b/Lib/test/test_mmap.py
index 14dd278015..a3998e2e5f 100644
--- a/Lib/test/test_mmap.py
+++ b/Lib/test/test_mmap.py
@@ -1,6 +1,6 @@
 from test.test_support import TESTFN, run_unittest, import_module
 import unittest
-import os, re, itertools
+import os, re, itertools, socket
 
 mmap = import_module('mmap')
 
@@ -586,6 +586,16 @@ class MmapTests(unittest.TestCase):
                 pass
             m.close()
 
+        def test_invalid_descriptor(self):
+            # socket file descriptors are valid, but out of range
+            # for _get_osfhandle, causing a crash when validating the
+            # parameters to _get_osfhandle.
+            s = socket.socket()
+            try:
+                with self.assertRaises(mmap.error):
+                    m = mmap.mmap(s.fileno(), 10)
+            finally:
+                s.close()
 
 def test_main():
     run_unittest(MmapTests)
diff --git a/Misc/NEWS b/Misc/NEWS
index 2c3e7293a1..713e42293e 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -76,6 +76,8 @@ Library
 Extension Modules
 -----------------
 
+- Issue #8105: Validate file descriptor passed to mmap.mmap on Windows.
+
 - Issue #1019882: Fix IndexError when loading certain hotshot stats.
 
 - Issue #9422: Fix memory leak when re-initializing a struct.Struct object.
diff --git a/Modules/mmapmodule.c b/Modules/mmapmodule.c
index 1acd1d82e0..b53aae1341 100644
--- a/Modules/mmapmodule.c
+++ b/Modules/mmapmodule.c
@@ -1280,6 +1280,11 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
                    "don't use 0 for anonymous memory");
      */
     if (fileno != -1 && fileno != 0) {
+        /* Ensure that fileno is within the CRT's valid range */
+        if (_PyVerify_fd(fileno) == 0) {
+            PyErr_SetFromErrno(mmap_module_error);
+            return NULL;
+        }
         fh = (HANDLE)_get_osfhandle(fileno);
         if (fh==(HANDLE)-1) {
             PyErr_SetFromErrno(mmap_module_error);