From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Rob Browning Newsgroups: gmane.lisp.guile.devel Subject: [PATCH 8/8] Reject bup_getpwuid bup_getgrgid argument overflow Date: Tue, 30 May 2023 19:49:44 -0500 Message-ID: <20230531004944.1657633-9-rlb@defaultvalue.org> References: <20230531004944.1657633-1-rlb@defaultvalue.org> Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="16738"; mail-complaints-to="usenet@ciao.gmane.io" To: guile-devel@gnu.org Original-X-From: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Wed May 31 02:50:43 2023 Return-path: Envelope-to: guile-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q4A30-0004Bh-Ry for guile-devel@m.gmane-mx.org; Wed, 31 May 2023 02:50:42 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q4A2G-0006Mr-IJ; Tue, 30 May 2023 20:49:56 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q4A2F-0006Mb-34 for guile-devel@gnu.org; Tue, 30 May 2023 20:49:55 -0400 Original-Received: from defaultvalue.org ([45.33.119.55]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q4A29-0008Em-P3 for guile-devel@gnu.org; Tue, 30 May 2023 20:49:54 -0400 Original-Received: from trouble.defaultvalue.org (localhost [127.0.0.1]) (Authenticated sender: rlb@defaultvalue.org) by defaultvalue.org (Postfix) with ESMTPSA id 298892069E for ; Tue, 30 May 2023 19:49:46 -0500 (CDT) Original-Received: by trouble.defaultvalue.org (Postfix, from userid 1000) id 232BE14E0B0; Tue, 30 May 2023 19:49:45 -0500 (CDT) X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230531004944.1657633-1-rlb@defaultvalue.org> Received-SPF: pass client-ip=45.33.119.55; envelope-from=rlb@defaultvalue.org; helo=defaultvalue.org X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guile-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Developers list for Guile, the GNU extensibility library" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Original-Sender: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.lisp.guile.devel:21844 Archived-At: Replace PyArg_ParseTuple "K" checks (which ignore overflow) with BUP_ASSIGN_PYLONG_TO_INTEGRAL. Signed-off-by: Rob Browning Tested-by: Rob Browning --- lib/bup/_helpers.c | 25 ++++++++++++++++--------- src/bup/pyutil.h | 4 ++-- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/lib/bup/_helpers.c b/lib/bup/_helpers.c index 9bfb5e35a..9a8e1555a 100644 --- a/lib/bup/_helpers.c +++ b/lib/bup/_helpers.c @@ -1347,13 +1347,16 @@ static PyObject *pwd_struct_to_py(const struct passwd *pwd) static PyObject *bup_getpwuid(PyObject *self, PyObject *args) { - unsigned long long py_uid; - if (!PyArg_ParseTuple(args, "K", &py_uid)) + PyObject *py_uid = NULL; + if (!PyArg_ParseTuple(args, "O", &py_uid)) return NULL; uid_t uid; - if (!INTEGRAL_ASSIGNMENT_FITS(&uid, py_uid)) - return PyErr_Format(PyExc_OverflowError, "uid too large for uid_t"); - + int overflow; + if (!BUP_ASSIGN_PYLONG_TO_INTEGRAL(&uid, py_uid, &overflow)) { + if (overflow) + return PyErr_Format(PyExc_OverflowError, "uid too large for uid_t"); + return NULL; + } errno = 0; struct passwd *pwd = getpwuid(uid); if (!pwd && errno) @@ -1395,12 +1398,16 @@ static PyObject *grp_struct_to_py(const struct group *grp) static PyObject *bup_getgrgid(PyObject *self, PyObject *args) { - unsigned long long py_gid; - if (!PyArg_ParseTuple(args, "K", &py_gid)) + PyObject *py_gid = NULL; + if (!PyArg_ParseTuple(args, "O", &py_gid)) return NULL; gid_t gid; - if (!INTEGRAL_ASSIGNMENT_FITS(&gid, py_gid)) - return PyErr_Format(PyExc_OverflowError, "gid too large for gid_t"); + int overflow; + if (!BUP_ASSIGN_PYLONG_TO_INTEGRAL(&gid, py_gid, &overflow)) { + if (overflow) + return PyErr_Format(PyExc_OverflowError, "gid too large for gid_t"); + return NULL; + } errno = 0; struct group *grp = getgrgid(gid); diff --git a/src/bup/pyutil.h b/src/bup/pyutil.h index 37f4a100b..93059e985 100644 --- a/src/bup/pyutil.h +++ b/src/bup/pyutil.h @@ -18,7 +18,7 @@ int bup_ullong_from_py(unsigned long long *x, PyObject *py, const char *name); // success returns non-zero. On failure returns 0 and overflow will // be non-zero if there was an overflow, otherwise a python exception // will be pending. -#define BUP_ASSIGN_PYLONG_TO_INTEGRAL (dest, pylong, overflow) \ +#define BUP_ASSIGN_PYLONG_TO_INTEGRAL(dest, pylong, overflow) \ ({ \ int result = 0; \ int pending_overflow = 0; \ @@ -36,7 +36,7 @@ int bup_ullong_from_py(unsigned long long *x, PyObject *py, const char *name); } else { \ const unsigned long long tmp = \ PyLong_AsUnsignedLongLong(pylong); \ - if (tmp == -1 && PyErr_Occurred() \ + if (tmp == (unsigned long long) -1 && PyErr_Occurred() \ && PyErr_ExceptionMatches(PyExc_OverflowError)) \ pending_overflow = 2; \ else { \ -- 2.39.2