Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[3.5] bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (GH-21297) #21377

Merged
merged 3 commits into from
Aug 4, 2020
Merged

[3.5] bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (GH-21297) #21377

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7d0dd22
bpo-29778: Ensure python3.dll is loaded from correct locations when P…
zooba Jul 7, 2020
c14f35f
Fix bad merge
zooba Jul 7, 2020
b4dd239
Merge branch '3.5' into bpo-29778-3.5
larryhastings Jul 16, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions Misc/NEWS.d/next/Security/2020-07-03-17-21-37.bpo-29778.cR_fGS.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Ensure :file:`python3.dll` is loaded from correct locations when Python is
embedded (CVE-2020-15523).
122 changes: 86 additions & 36 deletions PC/getpathp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,6 @@

static wchar_t prefix[MAXPATHLEN+1];
static wchar_t progpath[MAXPATHLEN+1];
static wchar_t dllpath[MAXPATHLEN+1];
static wchar_t *module_search_path = NULL;


Expand Down Expand Up @@ -122,6 +121,46 @@ reduce(wchar_t *dir)
dir[i] = '\0';
}

static int
change_ext(wchar_t *dest, const wchar_t *src, const wchar_t *ext)
{
if (src && src != dest) {
size_t src_len = wcsnlen_s(src, MAXPATHLEN+1);
size_t i = src_len;
if (i >= MAXPATHLEN+1) {
Py_FatalError("buffer overflow in getpathp.c's reduce()");
}

while (i > 0 && src[i] != '.' && !is_sep(src[i]))
--i;

if (i == 0) {
dest[0] = '\0';
return -1;
}

if (is_sep(src[i])) {
i = src_len;
}

if (wcsncpy_s(dest, MAXPATHLEN+1, src, i)) {
dest[0] = '\0';
return -1;
}
} else {
wchar_t *s = wcsrchr(dest, L'.');
if (s) {
s[0] = '\0';
}
}

if (wcscat_s(dest, MAXPATHLEN+1, ext)) {
dest[0] = '\0';
return -1;
}

return 0;
}

static int
exists(wchar_t *filename)
Expand Down Expand Up @@ -214,6 +253,20 @@ search_for_prefix(wchar_t *argv0_path, wchar_t *landmark)
return 0;
}


static int
get_dllpath(wchar_t *dllpath)
{
#ifdef Py_ENABLE_SHARED
extern HANDLE PyWin_DLLhModule;
if (PyWin_DLLhModule && GetModuleFileNameW(PyWin_DLLhModule, dllpath, MAXPATHLEN)) {
return 0;
}
#endif
return -1;
}


#ifdef MS_WINDOWS
#ifdef Py_ENABLE_SHARED

Expand Down Expand Up @@ -378,19 +431,8 @@ get_progpath(void)
wchar_t *path = _wgetenv(L"PATH");
wchar_t *prog = Py_GetProgramName();

#ifdef MS_WINDOWS
#ifdef Py_ENABLE_SHARED
extern HANDLE PyWin_DLLhModule;
/* static init of progpath ensures final char remains \0 */
if (PyWin_DLLhModule)
if (!GetModuleFileNameW(PyWin_DLLhModule, dllpath, MAXPATHLEN))
dllpath[0] = 0;
#else
dllpath[0] = 0;
#endif
if (GetModuleFileNameW(NULL, progpath, MAXPATHLEN))
return;
#endif
if (prog == NULL || *prog == '\0')
prog = L"python";

Expand Down Expand Up @@ -578,14 +620,10 @@ calculate_path(void)

#ifdef MS_WINDOWS
/* Calculate zip archive path from DLL or exe path */
if (wcscpy_s(zip_path, MAXPATHLEN+1, dllpath[0] ? dllpath : progpath))
/* exceeded buffer length - ignore zip_path */
zip_path[0] = '\0';
else {
wchar_t *dot = wcsrchr(zip_path, '.');
if (!dot || wcscpy_s(dot, MAXPATHLEN+1 - (dot - zip_path), L".zip"))
/* exceeded buffer length - ignore zip_path */
zip_path[0] = L'\0';
if (!get_dllpath(zip_path)) {
change_ext(zip_path, zip_path, L".zip");
} else {
change_ext(zip_path, progpath, L".zip");
}

skiphome = pythonhome==NULL ? 0 : 1;
Expand Down Expand Up @@ -768,8 +806,6 @@ calculate_path(void)
}


/* External interface */

void
Py_SetPath(const wchar_t *path)
{
Expand Down Expand Up @@ -830,25 +866,39 @@ int
_Py_CheckPython3()
{
wchar_t py3path[MAXPATHLEN+1];
wchar_t *s;
if (python3_checked)
if (python3_checked) {
return hPython3 != NULL;
}
python3_checked = 1;

/* If there is a python3.dll next to the python3y.dll,
assume this is a build tree; use that DLL */
wcscpy(py3path, dllpath);
s = wcsrchr(py3path, L'\\');
if (!s)
s = py3path;
wcscpy(s, L"\\python3.dll");
hPython3 = LoadLibraryExW(py3path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
if (hPython3 != NULL)
return 1;
use that DLL */
if (!get_dllpath(py3path)) {
reduce(py3path);
join(py3path, PY3_DLLNAME);
hPython3 = LoadLibraryExW(py3path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
if (hPython3 != NULL) {
return 1;
}
}

/* Check sys.prefix\DLLs\python3.dll */
/* If we can locate python3.dll in our application dir,
use that DLL */
wcscpy(py3path, Py_GetPrefix());
wcscat(py3path, L"\\DLLs\\python3.dll");
hPython3 = LoadLibraryExW(py3path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
if (py3path[0]) {
join(py3path, PY3_DLLNAME);
hPython3 = LoadLibraryExW(py3path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
if (hPython3 != NULL) {
return 1;
}
}

/* For back-compat, also search {sys.prefix}\DLLs, though
that has not been a normal install layout for a while */
wcscpy(py3path, Py_GetPrefix());
if (py3path[0]) {
join(py3path, L"DLLs\\" PY3_DLLNAME);
hPython3 = LoadLibraryExW(py3path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
}
return hPython3 != NULL;
}
4 changes: 2 additions & 2 deletions PCbuild/pyproject.props
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,12 @@
<_PlatformPreprocessorDefinition>_WIN32;</_PlatformPreprocessorDefinition>
<_PlatformPreprocessorDefinition Condition="$(Platform) == 'x64'">_WIN64;_M_X64;</_PlatformPreprocessorDefinition>
<_PydPreprocessorDefinition Condition="$(TargetExt) == '.pyd'">Py_BUILD_CORE_MODULE;</_PydPreprocessorDefinition>
<_Py3NamePreprocessorDefinition>PY3_DLLNAME=L"$(Py3DllName)";</_Py3NamePreprocessorDefinition>
</PropertyGroup>
<ItemDefinitionGroup>
<ClCompile>
<AdditionalIncludeDirectories>$(PySourcePath)Include;$(PySourcePath)PC;$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;$(_PlatformPreprocessorDefinition)$(_DebugPreprocessorDefinition)$(_PydPreprocessorDefinition)%(PreprocessorDefinitions)</PreprocessorDefinitions>

<PreprocessorDefinitions>WIN32;$(_Py3NamePreprocessorDefinition)$(_PlatformPreprocessorDefinition)$(_DebugPreprocessorDefinition)$(_PydPreprocessorDefinition)%(PreprocessorDefinitions)</PreprocessorDefinitions>
<Optimization>MaxSpeed</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<StringPooling>true</StringPooling>
Expand Down
2 changes: 2 additions & 0 deletions PCbuild/python.props
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,8 @@

<!-- The name of the resulting pythonXY.dll (without the extension) -->
<PyDllName>python$(MajorVersionNumber)$(MinorVersionNumber)$(PyDebugExt)</PyDllName>
<!-- The name of the resulting pythonX.dll (without the extension) -->
<Py3DllName>python3$(PyDebugExt)</Py3DllName>

<!-- The version and platform tag to include in .pyd filenames -->
<PydTag Condition="$(ArchName) == 'win32'">.cp$(MajorVersionNumber)$(MinorVersionNumber)-win32</PydTag>
Expand Down
2 changes: 0 additions & 2 deletions Python/dynload_win.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -194,9 +194,7 @@ dl_funcptr _PyImport_FindSharedFuncptrWindows(const char *prefix,
char funcname[258], *import_python;
const wchar_t *wpathname;

#ifndef _DEBUG
_Py_CheckPython3();
#endif

wpathname = _PyUnicode_AsUnicode(pathname);
if (wpathname == NULL)
Expand Down