1 Fix CVE-2021-3177 for Python 3.8:
3 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
5 Patch copied from upstream source repository:
7 https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f
9 From ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f Mon Sep 17 00:00:00 2001
10 From: "Miss Islington (bot)"
11 <31488909+miss-islington@users.noreply.github.com>
12 Date: Mon, 18 Jan 2021 13:28:52 -0800
13 Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode
14 formatting in ctypes param reprs. (GH-24248)
16 (cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
18 Co-authored-by: Benjamin Peterson <benjamin@python.org>
20 Co-authored-by: Benjamin Peterson <benjamin@python.org>
22 Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++
23 .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
24 Modules/_ctypes/callproc.c | 51 +++++++------------
25 3 files changed, 64 insertions(+), 32 deletions(-)
26 create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
28 diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py
29 index e4c25fd880cef..531894fdec838 100644
30 --- a/Lib/ctypes/test/test_parameters.py
31 +++ b/Lib/ctypes/test/test_parameters.py
32 @@ -201,6 +201,49 @@ def __dict__(self):
33 with self.assertRaises(ZeroDivisionError):
34 WorseStruct().__setstate__({}, b'foo')
36 + def test_parameter_repr(self):
37 + from ctypes import (
58 + self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
59 + self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>")
60 + self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
61 + self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
62 + self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
63 + self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
64 + self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
65 + self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
66 + self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
67 + self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
68 + self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
69 + self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
70 + self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
71 + self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
72 + self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
73 + self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
74 + self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
75 + self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
76 + self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
77 + self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
79 ################################################################
81 if __name__ == '__main__':
82 #diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
84 #index 0000000000000..7df65a156feab
86 #+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
88 #+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
89 #+:class:`ctypes.c_longdouble` values.
90 diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
91 index a9b8675cd951b..de75918d49f37 100644
92 --- a/Modules/_ctypes/callproc.c
93 +++ b/Modules/_ctypes/callproc.c
94 @@ -484,58 +484,47 @@ is_literal_char(unsigned char c)
96 PyCArg_repr(PyCArgObject *self)
102 - sprintf(buffer, "<cparam '%c' (%d)>",
103 + return PyUnicode_FromFormat("<cparam '%c' (%d)>",
104 self->tag, self->value.b);
108 - sprintf(buffer, "<cparam '%c' (%d)>",
109 + return PyUnicode_FromFormat("<cparam '%c' (%d)>",
110 self->tag, self->value.h);
114 - sprintf(buffer, "<cparam '%c' (%d)>",
115 + return PyUnicode_FromFormat("<cparam '%c' (%d)>",
116 self->tag, self->value.i);
120 - sprintf(buffer, "<cparam '%c' (%ld)>",
121 + return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
122 self->tag, self->value.l);
129 - "<cparam '%c' (%I64d)>",
131 - "<cparam '%c' (%lld)>",
133 + return PyUnicode_FromFormat("<cparam '%c' (%lld)>",
134 self->tag, self->value.q);
137 - sprintf(buffer, "<cparam '%c' (%f)>",
138 - self->tag, self->value.d);
141 - sprintf(buffer, "<cparam '%c' (%f)>",
142 - self->tag, self->value.f);
146 + PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
150 + PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", self->tag, f);
155 if (is_literal_char((unsigned char)self->value.c)) {
156 - sprintf(buffer, "<cparam '%c' ('%c')>",
157 + return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
158 self->tag, self->value.c);
161 - sprintf(buffer, "<cparam '%c' ('\\x%02x')>",
162 + return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>",
163 self->tag, (unsigned char)self->value.c);
167 /* Hm, are these 'z' and 'Z' codes useful at all?
168 Shouldn't they be replaced by the functionality of c_string
169 @@ -544,22 +533,20 @@ PyCArg_repr(PyCArgObject *self)
173 - sprintf(buffer, "<cparam '%c' (%p)>",
174 + return PyUnicode_FromFormat("<cparam '%c' (%p)>",
175 self->tag, self->value.p);
179 if (is_literal_char((unsigned char)self->tag)) {
180 - sprintf(buffer, "<cparam '%c' at %p>",
181 + return PyUnicode_FromFormat("<cparam '%c' at %p>",
182 (unsigned char)self->tag, (void *)self);
185 - sprintf(buffer, "<cparam 0x%02x at %p>",
186 + return PyUnicode_FromFormat("<cparam 0x%02x at %p>",
187 (unsigned char)self->tag, (void *)self);
191 - return PyUnicode_FromString(buffer);
194 static PyMemberDef PyCArgType_members[] = {