gh-127208: Reject null character in _imp.create_dynamic() (#127400)

author Victor Stinner <vstinner@python.org>

Fri, 29 Nov 2024 15:20:38 +0000 (16:20 +0100)

committer GitHub <noreply@github.com>

Fri, 29 Nov 2024 15:20:38 +0000 (16:20 +0100)
author Victor Stinner <vstinner@python.org>
Fri, 29 Nov 2024 15:20:38 +0000 (16:20 +0100)
committer GitHub <noreply@github.com>
Fri, 29 Nov 2024 15:20:38 +0000 (16:20 +0100)
diff --git a/Lib/test/test_import/__init__.py b/Lib/test/test_import/__init__.py

index 0e39998ebb3783e171b8cc51982997fae6255ea1..c52b7f3e09bea1590b82f3d3896dfd39e78c3f25 100644 (file)
--- a/Lib/test/test_import/__init__.py
+++ b/Lib/test/test_import/__init__.py
@@ -1133,6 +1133,19 @@ except ImportError as e:
                  stdout, stderr = popen.communicate()
                  self.assertRegex(stdout, expected_error)
  
+    def test_create_dynamic_null(self):
+        with self.assertRaisesRegex(ValueError, 'embedded null character'):
+            class Spec:
+                name = "a\x00b"
+                origin = "abc"
+            _imp.create_dynamic(Spec())
+
+        with self.assertRaisesRegex(ValueError, 'embedded null character'):
+            class Spec2:
+                name = "abc"
+                origin = "a\x00b"
+            _imp.create_dynamic(Spec2())
+
  
  @skip_if_dont_write_bytecode
  class FilePermissionTests(unittest.TestCase):
diff --git a/Python/import.c b/Python/import.c

index 09fe95fa1fb64783fa55640a468412e8b8da55dd..b3c384c27718ce6217d00a89804ce330739b7536 100644 (file)
--- a/Python/import.c
+++ b/Python/import.c
@@ -1157,12 +1157,14 @@ del_extensions_cache_value(struct extensions_cache_value *value)
  static void *
  hashtable_key_from_2_strings(PyObject *str1, PyObject *str2, const char sep)
  {
-    Py_ssize_t str1_len, str2_len;
-    const char *str1_data = PyUnicode_AsUTF8AndSize(str1, &str1_len);
-    const char *str2_data = PyUnicode_AsUTF8AndSize(str2, &str2_len);
+    const char *str1_data = _PyUnicode_AsUTF8NoNUL(str1);
+    const char *str2_data = _PyUnicode_AsUTF8NoNUL(str2);
      if (str1_data == NULL || str2_data == NULL) {
          return NULL;
      }
+    Py_ssize_t str1_len = strlen(str1_data);
+    Py_ssize_t str2_len = strlen(str2_data);
+
      /* Make sure sep and the NULL byte won't cause an overflow. */
      assert(SIZE_MAX - str1_len - str2_len > 2);
      size_t size = str1_len + 1 + str2_len + 1;
author	Victor Stinner <vstinner@python.org>
	Fri, 29 Nov 2024 15:20:38 +0000 (16:20 +0100)
committer	GitHub <noreply@github.com>
	Fri, 29 Nov 2024 15:20:38 +0000 (16:20 +0100)
Lib/test/test_import/__init__.py		patch \| blob \| blame \| history
Python/import.c		patch \| blob \| blame \| history