From: Brian Curtin Date: Sun, 1 Aug 2010 15:47:53 +0000 (+0000) Subject: Merged revisions 83407 via svnmerge from X-Git-Tag: v2.7.1rc1~526 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ba6c08e67077a368c21016171446c26eef5c27d2;p=python Merged revisions 83407 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r83407 | brian.curtin | 2010-08-01 10:26:26 -0500 (Sun, 01 Aug 2010) | 3 lines Fix #8105. Add validation to mmap.mmap so invalid file descriptors don't cause a crash on Windows. ........ --- diff --git a/Lib/test/test_mmap.py b/Lib/test/test_mmap.py index 14dd278015..a3998e2e5f 100644 --- a/Lib/test/test_mmap.py +++ b/Lib/test/test_mmap.py @@ -1,6 +1,6 @@ from test.test_support import TESTFN, run_unittest, import_module import unittest -import os, re, itertools +import os, re, itertools, socket mmap = import_module('mmap') @@ -586,6 +586,16 @@ class MmapTests(unittest.TestCase): pass m.close() + def test_invalid_descriptor(self): + # socket file descriptors are valid, but out of range + # for _get_osfhandle, causing a crash when validating the + # parameters to _get_osfhandle. + s = socket.socket() + try: + with self.assertRaises(mmap.error): + m = mmap.mmap(s.fileno(), 10) + finally: + s.close() def test_main(): run_unittest(MmapTests) diff --git a/Misc/NEWS b/Misc/NEWS index 2c3e7293a1..713e42293e 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -76,6 +76,8 @@ Library Extension Modules ----------------- +- Issue #8105: Validate file descriptor passed to mmap.mmap on Windows. + - Issue #1019882: Fix IndexError when loading certain hotshot stats. - Issue #9422: Fix memory leak when re-initializing a struct.Struct object. diff --git a/Modules/mmapmodule.c b/Modules/mmapmodule.c index 1acd1d82e0..b53aae1341 100644 --- a/Modules/mmapmodule.c +++ b/Modules/mmapmodule.c @@ -1280,6 +1280,11 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict) "don't use 0 for anonymous memory"); */ if (fileno != -1 && fileno != 0) { + /* Ensure that fileno is within the CRT's valid range */ + if (_PyVerify_fd(fileno) == 0) { + PyErr_SetFromErrno(mmap_module_error); + return NULL; + } fh = (HANDLE)_get_osfhandle(fileno); if (fh==(HANDLE)-1) { PyErr_SetFromErrno(mmap_module_error);