vuln bugfix: check for swig_runtime_dataN.py was not done properly (MSVR-11-0084)

The bug is due to the following faulty line: http://code.google.com/p/idapython/source/browse/tags/build-1.5.1/swig/idaapi.i#611

python.cpp

@@ -42,7 +42,7 @@
 
 // Python-style version tuple comes from the makefile
 // Only the serial and status is set here
-#define VER_SERIAL 0
+#define VER_SERIAL 3
 #define VER_STATUS "final"
 #define IDAPYTHON_RUNSTATEMENT                   0
 #define IDAPYTHON_ENABLE_EXTLANG                 3
@@ -205,7 +205,7 @@ void disable_script_timeout()
 {
   // Clear timeout
   script_timeout = 0;
-  
+
   // Uninstall the trace function and hide the waitbox (if it was shown)
   end_execution();
 }
@@ -215,7 +215,7 @@ int set_script_timeout(int timeout)
 {
   // Update the timeout
   qswap(timeout, script_timeout);
-  
+
   // Reset the execution time and hide the waitbox (so it is shown again after timeout elapses)
   reset_execution_time();
   hide_script_waitbox();
@@ -353,7 +353,7 @@ static PyObject *GetMainGlobals()
 
 //------------------------------------------------------------------------
 static void PythonEvalOrExec(
-    const char *str, 
+    const char *str,
     const char *filename = "<string>")
 {
   // Compile as an expression
@@ -411,7 +411,7 @@ static error_t idaapi idc_runpythonstatement(idc_value_t *argv, idc_value_t *res
       Py_file_input,
       globals,
       globals);
-    PYW_GIL_RELEASE;  
+    PYW_GIL_RELEASE;
     Py_XDECREF(result);
     end_execution();
 
@@ -513,13 +513,13 @@ static int PyRunFile(const char *FileName)
 
   PYW_GIL_ENSURE;
   PyObject *result = PyRun_File(
-        PyFile_AsFile(PyFileObject), 
-        FileName, 
-        Py_file_input, 
-        globals, 
+        PyFile_AsFile(PyFileObject),
+        FileName,
+        Py_file_input,
+        globals,
         globals);
   PYW_GIL_RELEASE;
-  
+
   Py_XDECREF(PyFileObject);
   Py_XDECREF(result);
 
@@ -760,7 +760,7 @@ bool idaapi IDAPython_extlang_run(
 
     if ( imported_module )
     {
-      PYW_GIL_ENSURE;    
+      PYW_GIL_ENSURE;
       module = PyImport_ImportModule(modname);
       PYW_GIL_RELEASE;
     }
@@ -1163,7 +1163,7 @@ bool idaapi IDAPython_cli_execute_line(const char *line)
   // Pseudo commands
   //
   qstring s;
-  do 
+  do
   {
     // Help command?
     if ( line[0] == '?' )
@@ -1402,10 +1402,10 @@ bool IDAPython_Init(void)
 
   // Read configuration value
   read_user_config_file("python.cfg", set_python_options, NULL);
-  if ( g_alert_auto_scripts ) 
+  if ( g_alert_auto_scripts )
   {
     const char *autofn = pywraps_check_autoscripts();
-    if ( autofn != NULL 
+    if ( autofn != NULL
       && askyn_c(0, "HIDECANCEL\nTITLE IDAPython\nThe script '%s' was found in the current directory and will be automatically executed by Python.\n\n"
                     "Do you want to continue loading IDAPython?", autofn) == 0 )
     {

swig/idaapi.i

@@ -151,9 +151,9 @@ class pycvt_t
 
   //-----------------------------------------------------------------------
   static int get_attr(
-    PyObject *py_obj, 
-    const char *attrname, 
-    int ft, 
+    PyObject *py_obj,
+    const char *attrname,
+    int ft,
     attr_t &val)
   {
     PyObject *py_attr;
@@ -166,7 +166,7 @@ class pycvt_t
     else if ( (ft > FT_FIRST_NUM && ft < FT_LAST_NUM) && PyW_GetNumber(py_attr, &val.u64) )
       ; // nothing to be done
     // A string array?
-    else if ( (ft == FT_STRARR || ft == FT_NUM16ARR || ft == FT_CHRARR_STATIC ) 
+    else if ( (ft == FT_STRARR || ft == FT_NUM16ARR || ft == FT_CHRARR_STATIC )
       && (PyList_CheckExact(py_attr) || PyW_IsSequenceType(py_attr)) )
     {
       // Return a reference to the attribute
@@ -182,8 +182,8 @@ class pycvt_t
 
   //-----------------------------------------------------------------------
   static int idaapi make_str_list_cb(
-    PyObject *py_item, 
-    Py_ssize_t index, 
+    PyObject *py_item,
+    Py_ssize_t index,
     void *ud)
   {
     if ( !PyString_Check(py_item) )
@@ -201,19 +201,19 @@ class pycvt_t
   {
     // Take the size
     Py_ssize_t size = pyvar_walk_list(py_list);
-    
+
     // Allocate a buffer
     char **a = (char **)qalloc((size + 1) * sizeof(char *));
-    
+
     // Walk and populate
     size = pyvar_walk_list(py_list, make_str_list_cb, a);
-    
+
     // Make the list NULL terminated
     a[size] = NULL;
-    
+
     // Return the list to the user
     *arr = a;
-    
+
     // Return the size of items processed
     return size;
   }
@@ -221,8 +221,8 @@ class pycvt_t
   //-----------------------------------------------------------------------
   typedef qvector<uint64> uint64vec_t;
   static int idaapi make_int_list(
-    PyObject *py_item, 
-    Py_ssize_t /*index*/, 
+    PyObject *py_item,
+    Py_ssize_t /*index*/,
     void *ud)
   {
     uint64 val;
@@ -344,7 +344,7 @@ public:
     }
     return ok ? -1 : i;
   }
-  
+
   //-----------------------------------------------------------------------
   // Converts fields from IDC and field description into a C structure
   // If 'use_extlang' is specified, then the passed idc_obj is considered
@@ -369,13 +369,13 @@ public:
 
       // Get field type
       int ft = fd.field_type & ~FT_VALUE_MASK;
-      
+
       // Point to structure member
       void *store = (void *)((char *)store_area + fd.field_offs);
-      
+
       // Retrieve attribute and type
       int cvt = get_attr(py_obj, fd.field_name, ft, attr);
-      
+
       // Attribute not found?
       if ( cvt == FT_NOT_FOUND )
       {
@@ -458,7 +458,7 @@ public:
 
 //-------------------------------------------------------------------------
 Py_ssize_t pyvar_walk_list(
-  PyObject *py_list, 
+  PyObject *py_list,
   int (idaapi *cb)(PyObject *py_item, Py_ssize_t index, void *ud),
   void *ud)
 {
@@ -480,7 +480,7 @@ Py_ssize_t pyvar_walk_list(
       break;
 
     int r = cb(py_item, i, ud);
-    
+
     // Decrement reference (if needed)
     if ( r != CIP_OK_NODECREF && is_seq )
         Py_DECREF(py_item); // Only sequences require us to decrement the reference
@@ -504,8 +504,8 @@ PyObject *PyW_IntVecToPyList(const intvec_t &intvec)
 
 //---------------------------------------------------------------------------
 static int idaapi pylist_to_intvec_cb(
-    PyObject *py_item, 
-    Py_ssize_t /*index*/, 
+    PyObject *py_item,
+    Py_ssize_t /*index*/,
     void *ud)
 {
   intvec_t &intvec = *(intvec_t *)ud;
@@ -1124,13 +1124,11 @@ struct py_add_del_menu_item_ctx
 //------------------------------------------------------------------------
 const char *pywraps_check_autoscripts()
 {
-#define STRING1(x) #x
-#define STRING2(x) STRING1(x)
   static const char *exts[] = {"py", "pyw", "pyc", "pyo"};
 
   static const char *fns[] =
   {
-    "swig_runtime_data" STRING2(SWIG_RUNTIME_VERSION),
+    "swig_runtime_data" SWIG_RUNTIME_VERSION,
     "sitecustomize",
     "usercustomize"
   };
@@ -1146,8 +1144,6 @@ const char *pywraps_check_autoscripts()
     }
   }
   return NULL;
-#undef STRING1
-#undef STRING2
 }
 
 //------------------------------------------------------------------------
@@ -1178,7 +1174,7 @@ bool init_pywraps()
     char dtor_name[MAXSTR];
     qsnprintf(dtor_name, sizeof(dtor_name), "%s.dtor", S_PY_IDC_OPAQUE_T);
 
-    // register the dtor function
+    // Register the dtor function
     if ( !set_idc_func_ex(dtor_name, py_idc_opaque_dtor, py_idc_cvt_helper_dtor_args, 0) )
       return false;