From 71d305c83d324ec46717924d119e27c03156b8fa Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Fri, 21 May 2010 17:33:14 +0000 Subject: [PATCH] Merged revisions 81400 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r81400 | antoine.pitrou | 2010-05-21 19:25:34 +0200 (ven., 21 mai 2010) | 12 lines Merged revisions 81398 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r81398 | antoine.pitrou | 2010-05-21 19:12:38 +0200 (ven., 21 mai 2010) | 6 lines Issue #5753: A new C API function, :cfunc:`PySys_SetArgvEx`, allows embedders of the interpreter to set sys.argv without also modifying sys.path. This helps fix `CVE-2008-5983 `_. ........ ................ --- Doc/c-api/init.rst | 38 +++++++++++++++++++++++++++++++++----- Include/sysmodule.h | 1 + Misc/NEWS | 8 ++++++++ Python/sysmodule.c | 10 ++++++++-- 4 files changed, 50 insertions(+), 7 deletions(-) diff --git a/Doc/c-api/init.rst b/Doc/c-api/init.rst index 1a0975a71e0..68a8ba45ad2 100644 --- a/Doc/c-api/init.rst +++ b/Doc/c-api/init.rst @@ -22,6 +22,7 @@ Initialization, Finalization, and Threads module: sys triple: module; search; path single: PySys_SetArgv() + single: PySys_SetArgvEx() single: Py_Finalize() Initialize the Python interpreter. In an application embedding Python, this @@ -31,7 +32,7 @@ Initialization, Finalization, and Threads the table of loaded modules (``sys.modules``), and creates the fundamental modules :mod:`builtins`, :mod:`__main__` and :mod:`sys`. It also initializes the module search path (``sys.path``). It does not set ``sys.argv``; use - :cfunc:`PySys_SetArgv` for that. This is a no-op when called for a second time + :cfunc:`PySys_SetArgvEx` for that. This is a no-op when called for a second time (without calling :cfunc:`Py_Finalize` first). There is no return value; it is a fatal error if the initialization fails. @@ -344,7 +345,7 @@ Initialization, Finalization, and Threads ``sys.version``. -.. cfunction:: void PySys_SetArgv(int argc, wchar_t **argv) +.. cfunction:: void PySys_SetArgvEx(int argc, wchar_t **argv, int updatepath) .. index:: single: main() @@ -359,14 +360,41 @@ Initialization, Finalization, and Threads string. If this function fails to initialize :data:`sys.argv`, a fatal condition is signalled using :cfunc:`Py_FatalError`. - This function also prepends the executed script's path to :data:`sys.path`. - If no script is executed (in the case of calling ``python -c`` or just the - interactive interpreter), the empty string is used instead. + If *updatepath* is zero, this is all the function does. If *updatepath* + is non-zero, the function also modifies :data:`sys.path` according to the + following algorithm: + + - If the name of an existing script is passed in ``argv[0]``, the absolute + path of the directory where the script is located is prepended to + :data:`sys.path`. + - Otherwise (that is, if *argc* is 0 or ``argv[0]`` doesn't point + to an existing file name), an empty string is prepended to + :data:`sys.path`, which is the same as prepending the current working + directory (``"."``). + + .. note:: + It is recommended that applications embedding the Python interpreter + for purposes other than executing a single script pass 0 as *updatepath*, + and update :data:`sys.path` themselves if desired. + See `CVE-2008-5983 `_. + + On versions before 3.1.3, you can achieve the same effect by manually + popping the first :data:`sys.path` element after having called + :cfunc:`PySys_SetArgv`, for example using:: + + PyRun_SimpleString("import sys; sys.path.pop(0)\n"); + + .. versionadded:: 3.1.3 .. XXX impl. doesn't seem consistent in allowing 0/NULL for the params; check w/ Guido. +.. cfunction:: void PySys_SetArgv(int argc, wchar_t **argv) + + This function works like :cfunc:`PySys_SetArgv` with *updatepath* set to 1. + + .. cfunction:: void Py_SetPythonHome(wchar_t *home) Set the default "home" directory, that is, the location of the standard diff --git a/Include/sysmodule.h b/Include/sysmodule.h index eeb8619df98..2268f3ab2b9 100644 --- a/Include/sysmodule.h +++ b/Include/sysmodule.h @@ -10,6 +10,7 @@ extern "C" { PyAPI_FUNC(PyObject *) PySys_GetObject(const char *); PyAPI_FUNC(int) PySys_SetObject(const char *, PyObject *); PyAPI_FUNC(void) PySys_SetArgv(int, wchar_t **); +PyAPI_FUNC(void) PySys_SetArgvEx(int, wchar_t **, int); PyAPI_FUNC(void) PySys_SetPath(const wchar_t *); PyAPI_FUNC(void) PySys_WriteStdout(const char *format, ...) diff --git a/Misc/NEWS b/Misc/NEWS index de634e5ebac..23046064bb0 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -43,6 +43,14 @@ Core and Builtins - Issue #7072: isspace(0xa0) is true on Mac OS X +C-API +----- + +- Issue #5753: A new C API function, :cfunc:`PySys_SetArgvEx`, allows + embedders of the interpreter to set sys.argv without also modifying + sys.path. This helps fix `CVE-2008-5983 + `_. + Library ------- diff --git a/Python/sysmodule.c b/Python/sysmodule.c index 33dfbb395f0..ea67710423f 100644 --- a/Python/sysmodule.c +++ b/Python/sysmodule.c @@ -1555,7 +1555,7 @@ _wrealpath(const wchar_t *path, wchar_t *resolved_path) #endif void -PySys_SetArgv(int argc, wchar_t **argv) +PySys_SetArgvEx(int argc, wchar_t **argv, int updatepath) { #if defined(HAVE_REALPATH) wchar_t fullpath[MAXPATHLEN]; @@ -1568,7 +1568,7 @@ PySys_SetArgv(int argc, wchar_t **argv) Py_FatalError("no mem for sys.argv"); if (PySys_SetObject("argv", av) != 0) Py_FatalError("can't assign sys.argv"); - if (path != NULL) { + if (updatepath && path != NULL) { wchar_t *argv0 = argv[0]; wchar_t *p = NULL; Py_ssize_t n = 0; @@ -1655,6 +1655,12 @@ PySys_SetArgv(int argc, wchar_t **argv) Py_DECREF(av); } +void +PySys_SetArgv(int argc, wchar_t **argv) +{ + PySys_SetArgvEx(argc, argv, 1); +} + /* Reimplementation of PyFile_WriteString() no calling indirectly PyErr_CheckSignals(): avoid the call to PyObject_Str(). */