From e884be67bd8437ce24877f1d10ad9f4713ca85d9 Mon Sep 17 00:00:00 2001 From: Jesus Cea Date: Wed, 3 Oct 2012 02:13:05 +0200 Subject: [PATCH] Closes #15897: zipimport.c doesn't check return value of fseek() --- Misc/ACKS | 1 + Misc/NEWS | 3 +++ Modules/zipimport.c | 42 +++++++++++++++++++++++++++++++++++------- 3 files changed, 39 insertions(+), 7 deletions(-) diff --git a/Misc/ACKS b/Misc/ACKS index e7e7cfb4f7..406447a69b 100644 --- a/Misc/ACKS +++ b/Misc/ACKS @@ -204,6 +204,7 @@ Christopher A. Craig Jeremy Craven Laura Creighton Simon Cross +Felipe Cruz Drew Csillag Joaquin Cuenca Abela John Cugini diff --git a/Misc/NEWS b/Misc/NEWS index 3717f68367..a02c07393c 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -38,6 +38,9 @@ Core and Builtins - Issue #15368: An issue that caused bytecode generation to be non-deterministic when using randomized hashing (-R) has been fixed. +- Issue #15897: zipimport.c doesn't check return value of fseek(). + Patch by Felipe Cruz. + - Issue #15033: Fix the exit status bug when modules invoked using -m swith, return the proper failure return value (1). Patch contributed by Jeff Knupp. diff --git a/Modules/zipimport.c b/Modules/zipimport.c index b7a1b8da9f..7240cb49b6 100644 --- a/Modules/zipimport.c +++ b/Modules/zipimport.c @@ -709,7 +709,12 @@ read_directory(char *archive) "'%.200s'", archive); return NULL; } - fseek(fp, -22, SEEK_END); + + if (fseek(fp, -22, SEEK_END) == -1) { + fclose(fp); + PyErr_Format(ZipImportError, "can't read Zip file: %s", archive); + return NULL; + } header_position = ftell(fp); if (fread(endof_central_dir, 1, 22, fp) != 22) { fclose(fp); 
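Review bot: `header_position = ftell(fp);` directly after the new fseek() check is still unchecked, so a failing ftell() leaves -1 in `header_position`. That value presumably feeds the offset arithmetic later in read_directory, which lies outside this hunk. Since the archive is untrusted input, the position should be validated the same way as the seek, e.g. `if (header_position == -1) { fclose(fp); PyErr_Format(ZipImportError, "can't read Zip file: %s", archive); return NULL; }`. The existing message just above bounds the path with `'%.200s'`; using the same precision in the new message would keep the two consistent.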
@@ -743,11 +748,13 @@ read_directory(char *archive) PyObject *t; int err; - fseek(fp, header_offset, 0); /* Start of file header */ + if (fseek(fp, header_offset, 0) == -1) /* Start of file header */ + goto fseek_error; l = PyMarshal_ReadLongFromFile(fp); if (l != 0x02014B50) break; /* Bad: Central Dir File Header */ - fseek(fp, header_offset + 10, 0); + if (fseek(fp, header_offset + 10, 0) == -1) + goto fseek_error; compress = PyMarshal_ReadShortFromFile(fp); time = PyMarshal_ReadShortFromFile(fp); date = PyMarshal_ReadShortFromFile(fp); @@ -758,7 +765,8 @@ read_directory(char *archive) header_size = 46 + name_size + PyMarshal_ReadShortFromFile(fp) + PyMarshal_ReadShortFromFile(fp); - fseek(fp, header_offset + 42, 0); + if (fseek(fp, header_offset + 42, 0) == -1) + goto fseek_error; file_offset = PyMarshal_ReadLongFromFile(fp) + arc_offset; if (name_size > MAXPATHLEN) name_size = MAXPATHLEN; @@ -790,6 +798,11 @@ read_directory(char *archive) PySys_WriteStderr("# zipimport: found %ld names in %s\n", count, archive); return files; +fseek_error: + fclose(fp); + Py_XDECREF(files); + PyErr_Format(ZipImportError, "can't read Zip file: %s", archive); + return NULL; error: fclose(fp); Py_XDECREF(files); @@ -857,7 +870,12 @@ get_data(char *archive, PyObject *toc_entry) } /* Check to make sure the local file header is correct */ - fseek(fp, file_offset, 0); + if (fseek(fp, file_offset, 0) == -1) { + fclose(fp); + PyErr_Format(ZipImportError, "can't read Zip file: %s", archive); + return NULL; + } + l = PyMarshal_ReadLongFromFile(fp); if (l != 0x04034B50) { /* Bad: Local File Header */ 
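Review bot: The new checks test `fseek(...) == -1`, but ISO C only guarantees a nonzero return on failure, so `if (fseek(fp, header_offset, 0) != 0)` is the portable form. The same applies to the `-22` seek in the first zipimport.c hunk and to the checks added in get_data. The last get_data hunk already tests `err == 0`, so `!= 0` would also make the patch internally consistent. Writing `SEEK_SET` instead of the literal `0` would match the `SEEK_END` used earlier in this function.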
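Review bot: A successful fseek() to `header_offset + 42` does not guarantee that the following read has data, because seeking past end-of-file on a regular file normally succeeds. With a truncated or crafted archive, `file_offset = PyMarshal_ReadLongFromFile(fp) + arc_offset;` would still accept whatever the reader yields at EOF. That value appears to be the seek target used later in get_data, so it is worth rejecting early with `if (feof(fp) || ferror(fp)) goto fseek_error;` after the reads. The loop body starts and ends outside this hunk, so the other PyMarshal_Read* calls may need the same check.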
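Review bot: The new `fseek_error:` label repeats the `fclose(fp); Py_XDECREF(files);` cleanup that `error:` performs immediately below it, so the two paths can drift apart when one is edited. Assuming `error:` ends by returning NULL (its tail is outside the hunk), the label can set the exception and fall through: `fseek_error: PyErr_Format(ZipImportError, "can't read Zip file: %s", archive);` followed directly by `error:`. A short comment on the label, such as `/* seek failed: report it, then share the cleanup below */`, would make the fall-through intentional to the reader.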
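Review bot: The three-line failure block added after `fseek(fp, file_offset, 0)` is pasted again in the next two get_data hunks (the `file_offset + 26` seek and the `else` branch before fread). read_directory handles the same case with a single label in this patch. A shared label in get_data would keep the cleanup in one place, with each call site reduced to `if (fseek(fp, file_offset, 0) != 0) goto fseek_error;`. That matters here because any resource acquired later in the function has to be released on every one of these exits. get_data begins and ends outside the hunk.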
@@ -867,7 +885,12 @@ get_data(char *archive, PyObject *toc_entry) fclose(fp); return NULL; } - fseek(fp, file_offset + 26, 0); + if (fseek(fp, file_offset + 26, 0) == -1) { + fclose(fp); + PyErr_Format(ZipImportError, "can't read Zip file: %s", archive); + return NULL; + } + l = 30 + PyMarshal_ReadShortFromFile(fp) + PyMarshal_ReadShortFromFile(fp); /* local header size */ file_offset += l; /* Start of file data */ @@ -881,8 +904,13 @@ get_data(char *archive, PyObject *toc_entry) buf = PyString_AsString(raw_data); err = fseek(fp, file_offset, 0); - if (err == 0) + if (err == 0) { bytes_read = fread(buf, 1, data_size, fp); + } else { + fclose(fp); + PyErr_Format(ZipImportError, "can't read Zip file: %s", archive); + return NULL; + } fclose(fp); if (err || bytes_read != data_size) { PyErr_SetString(PyExc_IOError, -- 2.49.0
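Review bot: The new `else` branch returns NULL without releasing `raw_data`, which is already live at this point (`buf = PyString_AsString(raw_data);` is the context line just above). Every failed seek would therefore leak that string object; its allocation is outside the hunk, so this assumes get_data owns the reference. Adding `Py_DECREF(raw_data);` before the `return NULL;` fixes it. With the early return in place, the `err ||` half of `if (err || bytes_read != data_size)` can no longer be true, so that test could be reduced to `bytes_read != data_size`. Note also that a seek failure now raises ZipImportError while a short read still raises IOError; say so in a comment if that is intended.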