Thomas Wouters avatar Thomas Wouters committed 1843710

SF bug/patch #1433877: string parameter to ioctl not null terminated

The new char-array used in ioctl calls wasn't explicitly NUL-terminated;
quite probably the cause for the test_pty failures on Solaris that we
circumvented earlier. (I wasn't able to reproduce it with this patch, but it
has been somewhat elusive to start with.)

Comments (0)

Files changed (3)

Lib/test/test_pty.py

 TEST_STRING_1 = "I wish to buy a fish license.\n"
 TEST_STRING_2 = "For my pet fish, Eric.\n"
 
-# Solaris (at least 2.9 and 2.10) seem to have a fickle isatty(). The first
-# test below, testing the result of os.openpty() for tty-ness, sometimes
-# (but not always) fails. The second isatty test, in the sub-process, always
-# works. Allow that fickle first test to fail on these platforms, since it
-# doesn't actually affect functionality.
-fickle_isatty = ["sunos5"]
-
 if verbose:
     def debug(msg):
         print msg
         # " An optional feature could not be imported " ... ?
         raise TestSkipped, "Pseudo-terminals (seemingly) not functional."
 
-    if not os.isatty(slave_fd) and sys.platform not in fickle_isatty:
+    if not os.isatty(slave_fd):
         raise TestFailed, "slave_fd is not a tty"
 
     debug("Writing to slave_fd")
 Luigi Ballabio
 Michael J. Barber
 Chris Barker
+Quentin Barnes
 Cesar Eduardo Barros
 Des Barry
 Ulf Bartelt

Modules/fcntlmodule.c

 static PyObject *
 fcntl_ioctl(PyObject *self, PyObject *args)
 {
+#define IOCTL_BUFSZ 1024
 	int fd;
 	/* In PyArg_ParseTuple below, use the unsigned int 'I' format for
 	   the signed int 'code' variable, because Python turns 0x8000000
 	char *str;
 	Py_ssize_t len;
 	int mutate_arg = 1;
-	char buf[1024];
+ 	char buf[IOCTL_BUFSZ+1];  /* argument plus NUL byte */
 
 	if (PyArg_ParseTuple(args, "O&Iw#|i:ioctl",
                              conv_descriptor, &fd, &code, 
 		char *arg;
 
 	       	if (mutate_arg) {
-			if (len <= sizeof buf) {
+			if (len <= IOCTL_BUFSZ) {
 				memcpy(buf, str, len);
+				buf[len] = '\0';
 				arg = buf;
 			} 
 			else {
 			}
 		}
 		else {
-			if (len > sizeof buf) {
+			if (len > IOCTL_BUFSZ) {
 				PyErr_SetString(PyExc_ValueError,
 					"ioctl string arg too long");
 				return NULL;
 			}
 			else {
 				memcpy(buf, str, len);
+				buf[len] = '\0';
 				arg = buf;
 			}
 		}
 		else {
 			ret = ioctl(fd, code, arg);
 		}
-		if (mutate_arg && (len < sizeof buf)) {
+		if (mutate_arg && (len < IOCTL_BUFSZ)) {
 			memcpy(str, buf, len);
 		}
 		if (ret < 0) {
 	PyErr_Clear();
 	if (PyArg_ParseTuple(args, "O&Is#:ioctl",
                              conv_descriptor, &fd, &code, &str, &len)) {
-		if (len > sizeof buf) {
+		if (len > IOCTL_BUFSZ) {
 			PyErr_SetString(PyExc_ValueError,
 					"ioctl string arg too long");
 			return NULL;
 		}
 		memcpy(buf, str, len);
+		buf[len] = '\0';
 		Py_BEGIN_ALLOW_THREADS
 		ret = ioctl(fd, code, buf);
 		Py_END_ALLOW_THREADS
 		return NULL;
 	}
 	return PyInt_FromLong((long)ret);
+#undef IOCTL_BUFSZ
 }
 
 PyDoc_STRVAR(ioctl_doc,
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.