Commit 9c84c3a7 authored by Jim Fulton's avatar Jim Fulton

Added extra checks to catch bad pickles like 'c'.

parent 9cf1bf6a
/* /*
* $Id: cPickle.c,v 1.62 1998/12/15 20:42:07 jim Exp $ * $Id: cPickle.c,v 1.63 1999/02/05 01:40:06 jim Exp $
* *
* Copyright (c) 1996-1998, Digital Creations, Fredericksburg, VA, USA. * Copyright (c) 1996-1998, Digital Creations, Fredericksburg, VA, USA.
* All rights reserved. * All rights reserved.
...@@ -49,7 +49,7 @@ ...@@ -49,7 +49,7 @@
static char cPickle_module_documentation[] = static char cPickle_module_documentation[] =
"C implementation and optimization of the Python pickle module\n" "C implementation and optimization of the Python pickle module\n"
"\n" "\n"
"$Id: cPickle.c,v 1.62 1998/12/15 20:42:07 jim Exp $\n" "$Id: cPickle.c,v 1.63 1999/02/05 01:40:06 jim Exp $\n"
; ;
#include "Python.h" #include "Python.h"
...@@ -2330,6 +2330,11 @@ load_none(Unpicklerobject *self) { ...@@ -2330,6 +2330,11 @@ load_none(Unpicklerobject *self) {
return 0; return 0;
} }
static int
bad_readline() {
PyErr_SetString(UnpicklingError, "pickle data was truncated");
return -1;
}
static int static int
load_int(Unpicklerobject *self) { load_int(Unpicklerobject *self) {
...@@ -2339,6 +2344,7 @@ load_int(Unpicklerobject *self) { ...@@ -2339,6 +2344,7 @@ load_int(Unpicklerobject *self) {
long l; long l;
if ((len = (*self->readline_func)(self, &s)) < 0) return -1; if ((len = (*self->readline_func)(self, &s)) < 0) return -1;
if (len < 2) return bad_readline();
UNLESS (s=pystrndup(s,len)) return -1; UNLESS (s=pystrndup(s,len)) return -1;
errno = 0; errno = 0;
...@@ -2440,6 +2446,7 @@ load_long(Unpicklerobject *self) { ...@@ -2440,6 +2446,7 @@ load_long(Unpicklerobject *self) {
int len, res = -1; int len, res = -1;
if ((len = (*self->readline_func)(self, &s)) < 0) return -1; if ((len = (*self->readline_func)(self, &s)) < 0) return -1;
if (len < 2) return bad_readline();
UNLESS (s=pystrndup(s,len)) return -1; UNLESS (s=pystrndup(s,len)) return -1;
UNLESS (l = PyLong_FromString(s, &end, 0)) UNLESS (l = PyLong_FromString(s, &end, 0))
...@@ -2464,6 +2471,7 @@ load_float(Unpicklerobject *self) { ...@@ -2464,6 +2471,7 @@ load_float(Unpicklerobject *self) {
double d; double d;
if ((len = (*self->readline_func)(self, &s)) < 0) return -1; if ((len = (*self->readline_func)(self, &s)) < 0) return -1;
if (len < 2) return bad_readline();
UNLESS (s=pystrndup(s,len)) return -1; UNLESS (s=pystrndup(s,len)) return -1;
errno = 0; errno = 0;
...@@ -2562,6 +2570,7 @@ load_string(Unpicklerobject *self) { ...@@ -2562,6 +2570,7 @@ load_string(Unpicklerobject *self) {
static PyObject *eval_dict = 0; static PyObject *eval_dict = 0;
if ((len = (*self->readline_func)(self, &s)) < 0) return -1; if ((len = (*self->readline_func)(self, &s)) < 0) return -1;
if (len < 2) return bad_readline();
UNLESS (s=pystrndup(s,len)) return -1; UNLESS (s=pystrndup(s,len)) return -1;
/* Check for unquoted quotes (evil strings) */ /* Check for unquoted quotes (evil strings) */
...@@ -2823,9 +2832,11 @@ load_inst(Unpicklerobject *self) { ...@@ -2823,9 +2832,11 @@ load_inst(Unpicklerobject *self) {
if ((i = marker(self)) < 0) return -1; if ((i = marker(self)) < 0) return -1;
if ((len = (*self->readline_func)(self, &s)) < 0) return -1; if ((len = (*self->readline_func)(self, &s)) < 0) return -1;
if (len < 2) return bad_readline();
UNLESS (module_name = PyString_FromStringAndSize(s, len - 1)) return -1; UNLESS (module_name = PyString_FromStringAndSize(s, len - 1)) return -1;
if ((len = (*self->readline_func)(self, &s)) >= 0) { if ((len = (*self->readline_func)(self, &s)) >= 0) {
if (len < 2) return bad_readline();
if (class_name = PyString_FromStringAndSize(s, len - 1)) { if (class_name = PyString_FromStringAndSize(s, len - 1)) {
class = find_class(module_name, class_name); class = find_class(module_name, class_name);
Py_DECREF(class_name); Py_DECREF(class_name);
...@@ -2855,9 +2866,11 @@ load_global(Unpicklerobject *self) { ...@@ -2855,9 +2866,11 @@ load_global(Unpicklerobject *self) {
char *s; char *s;
if ((len = (*self->readline_func)(self, &s)) < 0) return -1; if ((len = (*self->readline_func)(self, &s)) < 0) return -1;
if (len < 2) return bad_readline();
UNLESS (module_name = PyString_FromStringAndSize(s, len - 1)) return -1; UNLESS (module_name = PyString_FromStringAndSize(s, len - 1)) return -1;
if ((len = (*self->readline_func)(self, &s)) >= 0) { if ((len = (*self->readline_func)(self, &s)) >= 0) {
if (len < 2) return bad_readline();
if (class_name = PyString_FromStringAndSize(s, len - 1)) { if (class_name = PyString_FromStringAndSize(s, len - 1)) {
class = find_class(module_name, class_name); class = find_class(module_name, class_name);
Py_DECREF(class_name); Py_DECREF(class_name);
...@@ -2879,6 +2892,7 @@ load_persid(Unpicklerobject *self) { ...@@ -2879,6 +2892,7 @@ load_persid(Unpicklerobject *self) {
if (self->pers_func) { if (self->pers_func) {
if ((len = (*self->readline_func)(self, &s)) < 0) return -1; if ((len = (*self->readline_func)(self, &s)) < 0) return -1;
if (len < 2) return bad_readline();
UNLESS (pid = PyString_FromStringAndSize(s, len - 1)) return -1; UNLESS (pid = PyString_FromStringAndSize(s, len - 1)) return -1;
...@@ -2994,6 +3008,7 @@ load_get(Unpicklerobject *self) { ...@@ -2994,6 +3008,7 @@ load_get(Unpicklerobject *self) {
char *s; char *s;
if ((len = (*self->readline_func)(self, &s)) < 0) return -1; if ((len = (*self->readline_func)(self, &s)) < 0) return -1;
if (len < 2) return bad_readline();
UNLESS (py_str = PyString_FromStringAndSize(s, len - 1)) return -1; UNLESS (py_str = PyString_FromStringAndSize(s, len - 1)) return -1;
...@@ -3072,6 +3087,7 @@ load_put(Unpicklerobject *self) { ...@@ -3072,6 +3087,7 @@ load_put(Unpicklerobject *self) {
char *s; char *s;
if ((l = (*self->readline_func)(self, &s)) < 0) return -1; if ((l = (*self->readline_func)(self, &s)) < 0) return -1;
if (len < 2) return bad_readline();
UNLESS (len=self->stack->length) return stackUnderflow(); UNLESS (len=self->stack->length) return stackUnderflow();
UNLESS (py_str = PyString_FromStringAndSize(s, l - 1)) return -1; UNLESS (py_str = PyString_FromStringAndSize(s, l - 1)) return -1;
value=self->stack->data[len-1]; value=self->stack->data[len-1];
...@@ -3275,7 +3291,10 @@ load_mark(Unpicklerobject *self) { ...@@ -3275,7 +3291,10 @@ load_mark(Unpicklerobject *self) {
if ((self->num_marks + 1) >= self->marks_size) { if ((self->num_marks + 1) >= self->marks_size) {
s=self->marks_size+20; s=self->marks_size+20;
if (s <= self->num_marks) s=self->num_marks + 1; if (s <= self->num_marks) s=self->num_marks + 1;
self->marks =(int *)realloc(self->marks, s * sizeof(int)); if (self->marks)
self->marks=(int *)malloc(s * sizeof(int));
else
self->marks=(int *)realloc(self->marks, s * sizeof(int));
if (! self->marks) { if (! self->marks) {
PyErr_NoMemory(); PyErr_NoMemory();
return -1; return -1;
...@@ -4278,7 +4297,7 @@ init_stuff(PyObject *module, PyObject *module_dict) { ...@@ -4278,7 +4297,7 @@ init_stuff(PyObject *module, PyObject *module_dict) {
DL_EXPORT(void) DL_EXPORT(void)
initcPickle() { initcPickle() {
PyObject *m, *d, *v; PyObject *m, *d, *v;
char *rev="$Revision: 1.62 $"; char *rev="$Revision: 1.63 $";
PyObject *format_version; PyObject *format_version;
PyObject *compatible_formats; PyObject *compatible_formats;
......
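Review bot: In load_put the added guard tests the wrong variable: the readline result is stored in `l`, but the new line checks `len`, which is only assigned from `self->stack->length` on the following line, so it appears to be read before it holds a value (its declaration is outside the hunk). A one-byte line therefore still reaches `PyString_FromStringAndSize(s, l - 1)` unchecked, and the guard should read `if (l < 2) return bad_readline();`. Separately, the load_mark change looks inverted: with `if (self->marks)` selecting `malloc`, growing an existing mark array yields a fresh uninitialized buffer and drops the old one, losing the recorded marks and leaking the allocation. The test there should be `if (self->marks == NULL)`, or the two branches should be swapped. Both function bodies start and end outside the visible hunks, so how the affected values are used afterwards cannot be confirmed from this page.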