gh-127208: Reject null character in _imp.create_dynamic() #127400

Merged: 1 commit, Nov 29, 2024

@vstinner (Member) commented Nov 29, 2024

_imp.create_dynamic() now rejects embedded null characters in the path and in the module name.

@vstinner (Member, Author)

cc @ZeroIntensity @sobolevn

@picnixz (Contributor) commented Nov 29, 2024

According to the issue, it fails on 3.12 so does it require a 3.12 bp as well? (I don't have the code in front of me)

@vstinner (Member, Author)

> According to the issue, it fails on 3.12 so does it require a 3.12 bp as well? (I don't have the code in front of me)

_PyUnicode_AsUTF8NoNUL() was added to Python 3.13. Since the bug report comes from a fuzzing tool, I don't think that it's worth it to backport the fix up to Python 3.12. The bug is old and nobody complained before.

@vstinner merged commit b14fdad into python:main Nov 29, 2024
49 checks passed
@vstinner deleted the imp_create_dynamic branch November 29, 2024 15:20
@miss-islington-app

Thanks @vstinner for the PR 🌮🎉.. I'm working now to backport this PR to: 3.13.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Nov 29, 2024
…onGH-127400)

_imp.create_dynamic() now rejects embedded null characters in the
path and in the module name.
(cherry picked from commit b14fdad)

Co-authored-by: Victor Stinner

@bedevere-app bot commented Nov 29, 2024

GH-127418 is a backport of this pull request to the 3.13 branch.

@bedevere-app bot removed the needs backport to 3.13 bugs and security fixes label Nov 29, 2024

@bedevere-app bot commented Nov 29, 2024

GH-127419 is a backport of this pull request to the 3.12 branch.

@vstinner (Member, Author)

Hum, I changed my mind and backported the _PyUnicode_AsUTF8NoNUL() function instead :-) I created #127419 backport for 3.12.

vstinner added a commit that referenced this pull request Nov 29, 2024
…127400) (#127418)

gh-127208: Reject null character in _imp.create_dynamic() (GH-127400)

_imp.create_dynamic() now rejects embedded null characters in the
path and in the module name.
(cherry picked from commit b14fdad)

Co-authored-by: Victor Stinner
vstinner added a commit that referenced this pull request Nov 29, 2024
…7400) (#127419)

gh-127208: Reject null character in _imp.create_dynamic() (#127400)

_imp.create_dynamic() now rejects embedded null characters in the
path and in the module name.

Backport also the _PyUnicode_AsUTF8NoNUL() function.

(cherry picked from commit b14fdad)
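
Added example (not CPython's code and not written by anyone in this thread): a stand-alone C model of the kind of check the PR title describes, where a length-aware string is handed to a NUL-terminated consumer only if it contains no embedded null character. `struct lstr`, `lstr_as_cstr_no_nul()`, `lstr_truncated_bytes()` and the sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a length-aware string (as a Python str is).
   `struct lstr` and both function names are hypothetical. */
struct lstr {
    const char *data;   /* UTF-8 bytes, with a terminating NUL after `len` bytes */
    size_t len;         /* real length; may include embedded NULs */
};

/* Return the bytes as a C string only if the C view (up to the first NUL)
   covers the whole value; return NULL when an embedded NUL would truncate it. */
const char *lstr_as_cstr_no_nul(const struct lstr *s)
{
    if (strlen(s->data) != s->len) {
        return NULL;    /* caller reports an "embedded null character" error */
    }
    return s->data;
}

/* Number of bytes a NUL-terminated consumer would silently drop
   if the value were passed through unchecked. */
size_t lstr_truncated_bytes(const struct lstr *s)
{
    return s->len - strlen(s->data);
}

int main(void)
{
    /* Constructed sample inputs: one clean name, one with an embedded NUL. */
    struct lstr ok  = { "spam.so", 7 };
    struct lstr bad = { "spam\0eggs.so", 12 };
    const struct lstr *samples[] = { &ok, &bad };

    for (size_t i = 0; i < 2; i++) {
        const char *c = lstr_as_cstr_no_nul(samples[i]);
        if (c == NULL) {
            printf("rejected: %zu of %zu bytes would be dropped\n",
                   lstr_truncated_bytes(samples[i]), samples[i]->len);
        } else {
            printf("accepted: %s\n", c);
        }
    }
    return 0;
}
```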