Issue 602108: improper use of strncpy in getpath

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/37108

classification

Title:	improper use of strncpy in getpath
Type:		Stage:
Components:	Interpreter Core	Versions:	Python 2.3

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:	nnorwitz	Nosy List:	gvanrossum, nnorwitz
Priority:	normal	Keywords:	patch

Created on 2002-08-29 21:23 by nnorwitz, last changed 2022-04-10 16:05 by admin. This issue is now closed.

Files
File name	Uploaded	Description	Edit
strncpy.diff	nnorwitz, 2002-08-29 21:23	patch 1 to null terminate strings

Messages (6)
msg41063 - (view)	Author: Neal Norwitz (nnorwitz) *	Date: 2002-08-29 21:23
Many uses of strncpy() in Modules/getpath and PC/getpathp do not copy the terminating null character onto the string. This patch makes sure the strings are null terminated after strncpy(). Should this be backported?
msg41064 - (view)	Author: Guido van Rossum (gvanrossum) *	Date: 2002-09-03 18:55
Logged In: YES user_id=6380 Since the variables affected are all globals, there is already a null byte in the final position. So there's no need to write one explicitly. I therefore reject this patch. I'm leaving it open in case I'm misunderstanding something. If you agree, please close it.
msg41065 - (view)	Author: Neal Norwitz (nnorwitz) *	Date: 2002-09-03 21:51
Logged In: YES user_id=33168 You are correct. There should always be a null byte since all the variables are static.
msg41066 - (view)	Author: Neal Norwitz (nnorwitz) *	Date: 2002-09-05 20:32
Logged In: YES user_id=33168 I spoke too soon. Not all the variables are global static. In Modules/getpath.c::calculate_path() (line 363), argv0_path is a local, non-static variable. In the original patch, this was set to the null char in 4 places. I think it would be easier to do: argv0_path[MAXPATHLEN] = '\0'; once, before argv0_path is used rather than after each strncpy().
msg41067 - (view)	Author: Guido van Rossum (gvanrossum) *	Date: 2002-09-06 05:07
Logged In: YES user_id=6380 Good catch. Can you check a fix along those lines in for just that variable?
msg41068 - (view)	Author: Neal Norwitz (nnorwitz) *	Date: 2002-09-13 14:41
Logged In: YES user_id=33168 Checked in as Modules/getpath.c 1.42 and 1.40.6.2.

History
Date	User	Action	Args
2022-04-10 16:05:38	admin	set	github: 37108
2002-08-29 21:23:56	nnorwitz	create