From 866bf6772e51c1a6c3ec948cdac18bc4b2d65e8a Mon Sep 17 00:00:00 2001 From: chgnrdv Date: Tue, 18 Oct 2022 22:18:38 +0300 Subject: [PATCH 1/5] Add unicode check for 'name' attribute in _imp_create_builtin _imp_create_builtin crashes if 'name' attribute of 'spec' argument is not a 'str' instance. This commit adds appropriate check. --- Python/import.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Python/import.c b/Python/import.c index 698ef37ce0a131..c85868c31b5ae2 100644 --- a/Python/import.c +++ b/Python/import.c @@ -1021,6 +1021,13 @@ _imp_create_builtin(PyObject *module, PyObject *spec) return NULL; } + if (!PyUnicode_Check(name)) { + PyErr_Format(PyExc_TypeError, + "name must be string, not %.200s", + Py_TYPE(name)->tp_name); + return NULL; + } + PyObject *mod = create_builtin(tstate, name, spec); Py_DECREF(name); return mod; From 4d0d69b459e9725571378daa5a0e1bf8ede75f75 Mon Sep 17 00:00:00 2001 From: chgnrdv Date: Tue, 18 Oct 2022 23:42:15 +0300 Subject: [PATCH 2/5] Added missing Py_DECREF --- Python/import.c | 1 + 1 file changed, 1 insertion(+) diff --git a/Python/import.c b/Python/import.c index c85868c31b5ae2..9d35d261774211 100644 --- a/Python/import.c +++ b/Python/import.c @@ -1025,6 +1025,7 @@ _imp_create_builtin(PyObject *module, PyObject *spec) PyErr_Format(PyExc_TypeError, "name must be string, not %.200s", Py_TYPE(name)->tp_name); + Py_DECREF(name); return NULL; } From 48b46a4c5d9b2b4581a7bd9cb380e5c4784c81ab Mon Sep 17 00:00:00 2001 From: chgnrdv Date: Wed, 19 Oct 2022 20:24:37 +0300 Subject: [PATCH 3/5] Added tests --- Lib/test/test_imp.py | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/Lib/test/test_imp.py b/Lib/test/test_imp.py index 35b6afa91ebd4f..332a28ec6be990 100644 --- a/Lib/test/test_imp.py +++ b/Lib/test/test_imp.py @@ -378,6 +378,41 @@ def test_find_and_load_checked_pyc(self): mod = imp.load_module('mymod', file, path, description) self.assertEqual(mod.x, 42) + def test_issue98354(self): + # _imp.create_builtin should raise TypeError + # if 'name' attribute of 'spec' argument is not a 'str' instance + + create_builtin = support.get_attribute(_imp, "create_builtin") + + class FakeSpec: + def __init__(self, name): + self.name = self + spec = FakeSpec("time") + with self.assertRaises(TypeError): + create_builtin(spec) + + class FakeSpec2: + name = [1, 2, 3, 4] + spec = FakeSpec2() + with self.assertRaises(TypeError): + create_builtin(spec) + + class UnicodeSubclass(str): + pass + class GoodSpec: + name = UnicodeSubclass("sys") + spec = GoodSpec() + bltin = create_builtin(spec) + import sys + self.assertEqual(bltin, sys) + + class UnicodeSubclassFakeSpec(str): + def __init__(self, name): + self.name = self + spec = UnicodeSubclassFakeSpec("builtins") + bltin = create_builtin(spec) + import builtins + self.assertEqual(bltin, builtins) class ReloadTests(unittest.TestCase): From 010add5bca380b2da9f29ccc5bad95cf391e894f Mon Sep 17 00:00:00 2001 From: chgnrdv Date: Wed, 19 Oct 2022 20:57:24 +0300 Subject: [PATCH 4/5] Fixed tests because sys module import breaks them --- Lib/test/test_imp.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Lib/test/test_imp.py b/Lib/test/test_imp.py index 332a28ec6be990..446e913e5bf383 100644 --- a/Lib/test/test_imp.py +++ b/Lib/test/test_imp.py @@ -397,21 +397,20 @@ class FakeSpec2: with self.assertRaises(TypeError): create_builtin(spec) + import builtins class UnicodeSubclass(str): pass class GoodSpec: - name = UnicodeSubclass("sys") + name = UnicodeSubclass("builtins") spec = GoodSpec() bltin = create_builtin(spec) - import sys - self.assertEqual(bltin, sys) + self.assertEqual(bltin, builtins) class UnicodeSubclassFakeSpec(str): def __init__(self, name): self.name = self spec = UnicodeSubclassFakeSpec("builtins") bltin = create_builtin(spec) - import builtins self.assertEqual(bltin, builtins) class ReloadTests(unittest.TestCase): From 964da44a9443243b367f0472d775a96f9e7dc758 Mon Sep 17 00:00:00 2001 From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 18:03:29 +0000 Subject: [PATCH 5/5] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?= =?UTF-8?q?rb=5Fit.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../2022-10-19-18-03-28.gh-issue-98354.GRGta3.rst | 1 + 1 file changed, 1 insertion(+) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2022-10-19-18-03-28.gh-issue-98354.GRGta3.rst diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-10-19-18-03-28.gh-issue-98354.GRGta3.rst b/Misc/NEWS.d/next/Core and Builtins/2022-10-19-18-03-28.gh-issue-98354.GRGta3.rst new file mode 100644 index 00000000000000..a600f3e927a315 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2022-10-19-18-03-28.gh-issue-98354.GRGta3.rst @@ -0,0 +1 @@ +Added unicode check for ``name`` attribute of ``spec`` argument passed in :func:`_imp.create_builtin` function. pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy