From 7bd77d534c4a9fa3eb6788034c663e15a6343f51 Mon Sep 17 00:00:00 2001
From: "elias.bachaalany@gmail.com"
Date: Wed, 27 Jul 2011 08:51:29 +0000
Subject: [PATCH] vuln bugfix: check for swig_runtime_dataN.py was not done properly (MSVR-11-0084) The bug is due to the following faulty line: http://code.google.com/p/idapython/source/browse/tags/build-1.5.1/swig/idaapi.i#611
---
python.cpp | 28 ++++++++++++++--------------
swig/idaapi.i | 50 +++++++++++++++++++++++---------------------------
2 files changed, 37 insertions(+), 41 deletions(-)
diff --git a/python.cpp b/python.cpp
index b908054..0fbb719 100644
--- a/python.cpp
+++ b/python.cpp
@@ -42,7 +42,7 @@ // Python-style version tuple comes from the makefile // Only the serial and status is set here -#define VER_SERIAL 0 +#define VER_SERIAL 3 #define VER_STATUS "final" #define IDAPYTHON_RUNSTATEMENT 0 #define IDAPYTHON_ENABLE_EXTLANG 3
@@ -205,7 +205,7 @@ void disable_script_timeout() { // Clear timeout script_timeout = 0; - + // Uninstall the trace function and hide the waitbox (if it was shown) end_execution(); }
@@ -215,7 +215,7 @@ int set_script_timeout(int timeout) { // Update the timeout qswap(timeout, script_timeout); - + // Reset the execution time and hide the waitbox (so it is shown again after timeout elapses) reset_execution_time(); hide_script_waitbox();
@@ -353,7 +353,7 @@ static PyObject *GetMainGlobals() //------------------------------------------------------------------------ static void PythonEvalOrExec( - const char *str, + const char *str, const char *filename = "") { // Compile as an expression
@@ -411,7 +411,7 @@ static error_t idaapi idc_runpythonstatement(idc_value_t *argv, idc_value_t *res Py_file_input, globals, globals); - PYW_GIL_RELEASE; + PYW_GIL_RELEASE; Py_XDECREF(result); end_execution();
@@ -513,13 +513,13 @@ static int PyRunFile(const char *FileName) PYW_GIL_ENSURE; PyObject *result = PyRun_File( - PyFile_AsFile(PyFileObject), - FileName, - Py_file_input, - globals, + PyFile_AsFile(PyFileObject), + FileName, + Py_file_input, + globals, globals); PYW_GIL_RELEASE; - + Py_XDECREF(PyFileObject); Py_XDECREF(result);
@@ -760,7 +760,7 @@ bool idaapi IDAPython_extlang_run( if ( imported_module ) { - PYW_GIL_ENSURE; + PYW_GIL_ENSURE; module = PyImport_ImportModule(modname); PYW_GIL_RELEASE; }
@@ -1163,7 +1163,7 @@ bool idaapi IDAPython_cli_execute_line(const char *line) // Pseudo commands // qstring s; - do + do { // Help command? if ( line[0] == '?' )
@@ -1402,10 +1402,10 @@ bool IDAPython_Init(void) // Read configuration value read_user_config_file("python.cfg", set_python_options, NULL); - if ( g_alert_auto_scripts ) + if ( g_alert_auto_scripts ) { const char *autofn = pywraps_check_autoscripts(); - if ( autofn != NULL + if ( autofn != NULL && askyn_c(0, "HIDECANCEL\nTITLE IDAPython\nThe script '%s' was found in the current directory and will be automatically executed by Python.\n\n" "Do you want to continue loading IDAPython?", autofn) == 0 ) {
diff --git a/swig/idaapi.i b/swig/idaapi.i
index e1661b3..8f1e5ff 100644
--- a/swig/idaapi.i
+++ b/swig/idaapi.i
@@ -151,9 +151,9 @@ class pycvt_t //----------------------------------------------------------------------- static int get_attr( - PyObject *py_obj, - const char *attrname, - int ft, + PyObject *py_obj, + const char *attrname, + int ft, attr_t &val) { PyObject *py_attr;
@@ -166,7 +166,7 @@ class pycvt_t else if ( (ft > FT_FIRST_NUM && ft < FT_LAST_NUM) && PyW_GetNumber(py_attr, &val.u64) ) ; // nothing to be done // A string array? - else if ( (ft == FT_STRARR || ft == FT_NUM16ARR || ft == FT_CHRARR_STATIC ) + else if ( (ft == FT_STRARR || ft == FT_NUM16ARR || ft == FT_CHRARR_STATIC ) && (PyList_CheckExact(py_attr) || PyW_IsSequenceType(py_attr)) ) { // Return a reference to the attribute
@@ -182,8 +182,8 @@ class pycvt_t //----------------------------------------------------------------------- static int idaapi make_str_list_cb( - PyObject *py_item, - Py_ssize_t index, + PyObject *py_item, + Py_ssize_t index, void *ud) { if ( !PyString_Check(py_item) )
@@ -201,19 +201,19 @@ class pycvt_t { // Take the size Py_ssize_t size = pyvar_walk_list(py_list); - + // Allocate a buffer char **a = (char **)qalloc((size + 1) * sizeof(char *)); - + // Walk and populate size = pyvar_walk_list(py_list, make_str_list_cb, a); - + // Make the list NULL terminated a[size] = NULL; - + // Return the list to the user *arr = a; - + // Return the size of items processed return size; }
@@ -221,8 +221,8 @@ class pycvt_t //----------------------------------------------------------------------- typedef qvector uint64vec_t; static int idaapi make_int_list( - PyObject *py_item, - Py_ssize_t /*index*/, + PyObject *py_item, + Py_ssize_t /*index*/, void *ud) { uint64 val;
@@ -344,7 +344,7 @@ public: } return ok ? -1 : i; } - + //----------------------------------------------------------------------- // Converts fields from IDC and field description into a C structure // If 'use_extlang' is specified, then the passed idc_obj is considered
@@ -369,13 +369,13 @@ public: // Get field type int ft = fd.field_type & ~FT_VALUE_MASK; - + // Point to structure member void *store = (void *)((char *)store_area + fd.field_offs); - + // Retrieve attribute and type int cvt = get_attr(py_obj, fd.field_name, ft, attr); - + // Attribute not found? if ( cvt == FT_NOT_FOUND ) {
@@ -458,7 +458,7 @@ public: //------------------------------------------------------------------------- Py_ssize_t pyvar_walk_list( - PyObject *py_list, + PyObject *py_list, int (idaapi *cb)(PyObject *py_item, Py_ssize_t index, void *ud), void *ud) {
@@ -480,7 +480,7 @@ Py_ssize_t pyvar_walk_list( break; int r = cb(py_item, i, ud); - + // Decrement reference (if needed) if ( r != CIP_OK_NODECREF && is_seq ) Py_DECREF(py_item); // Only sequences require us to decrement the reference
@@ -504,8 +504,8 @@ PyObject *PyW_IntVecToPyList(const intvec_t &intvec) //--------------------------------------------------------------------------- static int idaapi pylist_to_intvec_cb( - PyObject *py_item, - Py_ssize_t /*index*/, + PyObject *py_item, + Py_ssize_t /*index*/, void *ud) { intvec_t &intvec = *(intvec_t *)ud;
@@ -1124,13 +1124,11 @@ struct py_add_del_menu_item_ctx //------------------------------------------------------------------------ const char *pywraps_check_autoscripts() { -#define STRING1(x) #x -#define STRING2(x) STRING1(x) static const char *exts[] = {"py", "pyw", "pyc", "pyo"}; static const char *fns[] = { - "swig_runtime_data" STRING2(SWIG_RUNTIME_VERSION), + "swig_runtime_data" SWIG_RUNTIME_VERSION, "sitecustomize", "usercustomize" };
@@ -1146,8 +1144,6 @@ const char *pywraps_check_autoscripts() } } return NULL; -#undef STRING1 -#undef STRING2 } //------------------------------------------------------------------------
@@ -1178,7 +1174,7 @@ bool init_pywraps() char dtor_name[MAXSTR]; qsnprintf(dtor_name, sizeof(dtor_name), "%s.dtor", S_PY_IDC_OPAQUE_T); - // register the dtor function + // Register the dtor function if ( !set_idc_func_ex(dtor_name, py_idc_opaque_dtor, py_idc_cvt_helper_dtor_args, 0) ) return false;
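Review bot: In the swig/idaapi.i hunk at `@@ -1124,13 +1124,11 @@`, the new entry `"swig_runtime_data" SWIG_RUNTIME_VERSION` is correct only while SWIG_RUNTIME_VERSION expands to a string literal, and nothing next to `fns[]` says so. The removed STRING2() wrapper presumably failed for that reason (stringizing an already-quoted macro keeps the quotes in the file name, so the existence check could not match), and the failure was silent. I would add `// SWIG_RUNTIME_VERSION is already a quoted string; paste it, do not stringize it` above the entry. Separately, `exts[]` lists only source and bytecode suffixes, while the importer may also accept other forms of a module name (extension modules, package directories); whether the check needs to cover those depends on the loop body and on how sys.path is built, both outside this hunk. The function continues past the hunk and ends in the `@@ -1146,8 +1144,6 @@` hunk.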