From 866bf6772e51c1a6c3ec948cdac18bc4b2d65e8a Mon Sep 17 00:00:00 2001 From: chgnrdv Date: Tue, 18 Oct 2022 22:18:38 +0300 Subject: [PATCH 1/5] Add unicode check for 'name' attribute in _imp_create_builtin _imp_create_builtin crashes if 'name' attribute of 'spec' argument is not a 'str' instance. This commit adds appropriate check. --- Python/import.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Python/import.c b/Python/import.c index 698ef37ce0a131..c85868c31b5ae2 100644 --- a/Python/import.c +++ b/Python/import.c @@ -1021,6 +1021,13 @@ _imp_create_builtin(PyObject *module, PyObject *spec) return NULL; } + if (!PyUnicode_Check(name)) { + PyErr_Format(PyExc_TypeError, + "name must be string, not %.200s", + Py_TYPE(name)->tp_name); + return NULL; + } + PyObject *mod = create_builtin(tstate, name, spec); Py_DECREF(name); return mod; From 4d0d69b459e9725571378daa5a0e1bf8ede75f75 Mon Sep 17 00:00:00 2001 From: chgnrdv Date: Tue, 18 Oct 2022 23:42:15 +0300 Subject: [PATCH 2/5] Added missing Py_DECREF --- Python/import.c | 1 + 1 file changed, 1 insertion(+) diff --git a/Python/import.c b/Python/import.c index c85868c31b5ae2..9d35d261774211 100644 --- a/Python/import.c +++ b/Python/import.c @@ -1025,6 +1025,7 @@ _imp_create_builtin(PyObject *module, PyObject *spec) PyErr_Format(PyExc_TypeError, "name must be string, not %.200s", Py_TYPE(name)->tp_name); + Py_DECREF(name); return NULL; } From 48b46a4c5d9b2b4581a7bd9cb380e5c4784c81ab Mon Sep 17 00:00:00 2001 From: chgnrdv Date: Wed, 19 Oct 2022 20:24:37 +0300 Subject: [PATCH 3/5] Added tests --- Lib/test/test_imp.py | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/Lib/test/test_imp.py b/Lib/test/test_imp.py index 35b6afa91ebd4f..332a28ec6be990 100644 --- a/Lib/test/test_imp.py +++ b/Lib/test/test_imp.py @@ -378,6 +378,41 @@ def test_find_and_load_checked_pyc(self): mod = imp.load_module('mymod', file, path, description) self.assertEqual(mod.x, 42) + def test_issue98354(self): + # _imp.create_builtin should raise TypeError + # if 'name' attribute of 'spec' argument is not a 'str' instance + + create_builtin = support.get_attribute(_imp, "create_builtin") + + class FakeSpec: + def __init__(self, name): + self.name = self + spec = FakeSpec("time") + with self.assertRaises(TypeError): + create_builtin(spec) + + class FakeSpec2: + name = [1, 2, 3, 4] + spec = FakeSpec2() + with self.assertRaises(TypeError): + create_builtin(spec) + + class UnicodeSubclass(str): + pass + class GoodSpec: + name = UnicodeSubclass("sys") + spec = GoodSpec() + bltin = create_builtin(spec) + import sys + self.assertEqual(bltin, sys) + + class UnicodeSubclassFakeSpec(str): + def __init__(self, name): + self.name = self + spec = UnicodeSubclassFakeSpec("builtins") + bltin = create_builtin(spec) + import builtins + self.assertEqual(bltin, builtins) class ReloadTests(unittest.TestCase): From 010add5bca380b2da9f29ccc5bad95cf391e894f Mon Sep 17 00:00:00 2001 From: chgnrdv Date: Wed, 19 Oct 2022 20:57:24 +0300 Subject: [PATCH 4/5] Fixed tests because sys module import breaks them --- Lib/test/test_imp.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Lib/test/test_imp.py b/Lib/test/test_imp.py index 332a28ec6be990..446e913e5bf383 100644 --- a/Lib/test/test_imp.py +++ b/Lib/test/test_imp.py @@ -397,21 +397,20 @@ class FakeSpec2: with self.assertRaises(TypeError): create_builtin(spec) + import builtins class UnicodeSubclass(str): pass class GoodSpec: - name = UnicodeSubclass("sys") + name = UnicodeSubclass("builtins") spec = GoodSpec() bltin = create_builtin(spec) - import sys - self.assertEqual(bltin, sys) + self.assertEqual(bltin, builtins) class UnicodeSubclassFakeSpec(str): def __init__(self, name): self.name = self spec = UnicodeSubclassFakeSpec("builtins") bltin = create_builtin(spec) - import builtins self.assertEqual(bltin, builtins) class ReloadTests(unittest.TestCase): From 964da44a9443243b367f0472d775a96f9e7dc758 Mon Sep 17 00:00:00 2001 From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 18:03:29 +0000 Subject: [PATCH 5/5] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?= =?UTF-8?q?rb=5Fit.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../2022-10-19-18-03-28.gh-issue-98354.GRGta3.rst | 1 + 1 file changed, 1 insertion(+) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2022-10-19-18-03-28.gh-issue-98354.GRGta3.rst diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-10-19-18-03-28.gh-issue-98354.GRGta3.rst b/Misc/NEWS.d/next/Core and Builtins/2022-10-19-18-03-28.gh-issue-98354.GRGta3.rst new file mode 100644 index 00000000000000..a600f3e927a315 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2022-10-19-18-03-28.gh-issue-98354.GRGta3.rst @@ -0,0 +1 @@ +Added unicode check for ``name`` attribute of ``spec`` argument passed in :func:`_imp.create_builtin` function.