
Showing content from https://github.com/python/cpython/commit/30afc91f5e70cf4748ffac77a419ba69ebca6f6a below:

Don't let newline in filename corrupt the out… · python/cpython@30afc91 · GitHub

File tree Expand file treeCollapse file tree 4 files changed

+21

-0

lines changed


@@ -20,6 +20,10 @@ def uu_encode(input, errors='strict', filename='<data>', mode=0o666):

20 20

read = infile.read

21 21

write = outfile.write

22 22 23 +

# Remove newline chars from filename

24 +

filename = filename.replace('\n','\\n')

25 +

filename = filename.replace('\r','\\r')

26 + 23 27

# Encode

24 28

write(('begin %o %s\n' % (mode & 0o777, filename)).encode('ascii'))

25 29

chunk = read(45)
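Review bot: The comment added above the two `replace` calls says "Remove newline chars from filename", but the code escapes them: each CR or LF is replaced by a backslash followed by `r` or `n`. A more accurate comment would be `# Escape CR/LF so the filename cannot end the 'begin' header line early`. The same pair of lines, with the same "Remove" wording, is added to `encode` in the third file section; a small shared helper would keep the two encoders from drifting apart. A literal backslash is left as-is, so a name that already contained backslash-`n` is indistinguishable from an escaped newline, which only stays harmless while no decoder tries to reverse the escaping (the decoders are not shown here). `uu_encode` begins and ends outside the hunk.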

Original file line number Diff line number Diff line change

@@ -114,6 +114,15 @@ def test_garbage_padding(self):

114 114

decoded = codecs.decode(encodedtext, "uu_codec")

115 115

self.assertEqual(decoded, plaintext)

116 116 117 +

def test_newlines_escaped(self):

118 +

# Test newlines are escaped with uu.encode

119 +

inp = io.BytesIO(plaintext)

120 +

out = io.BytesIO()

121 +

filename = "test.txt\n\roverflow.txt"

122 +

safefilename = b"test.txt\\n\\roverflow.txt"

123 +

uu.encode(inp, out, filename)

124 +

self.assertIn(safefilename, out.getvalue())

125 + 117 126

class UUStdIOTest(unittest.TestCase):

118 127 119 128

def setUp(self):
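Review bot: `test_newlines_escaped` checks only that the escaped name appears somewhere in the output of `uu.encode`; it does not pin that the name stays on the `begin` line, and the identical change to the codec's `uu_encode` has no test in the sections shown. A tighter check would be `header, _, _ = out.getvalue().partition(b"\n")` followed by `self.assertTrue(header.endswith(b" " + safefilename))`, which fails if anything other than the escaped name ends the header line. A second case calling `uu_encode(plaintext, filename=filename)` directly and asserting on the first line of the returned bytes would cover the codec path. The enclosing test class starts outside the hunk.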

Original file line number Diff line number Diff line change

@@ -73,6 +73,13 @@ def encode(in_file, out_file, name=None, mode=None):

73 73

name = '-'

74 74

if mode is None:

75 75

mode = 0o666

76 + 77 +

#

78 +

# Remove newline chars from name

79 +

#

80 +

name = name.replace('\n','\\n')

81 +

name = name.replace('\r','\\r')

82 + 76 83

#

77 84

# Write the data

78 85

#

Original file line number Diff line number Diff line change

@@ -0,0 +1 @@

1 +

Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process.
