commit 6a2656094d1806abc5229758246865bcbaa34c5e
author Antoine Pitrou <solipsis@pitrou.net> Fri May 21 17:12:38 2010 +0000
committer Antoine Pitrou <solipsis@pitrou.net> Fri May 21 17:12:38 2010 +0000
tree 787da764ae5b179c79182e62976314c6bfb8c9d4
parent a85bd06a82276863382b825de82aaa89760b0fa1

Issue #5753: A new C API function, :cfunc:`PySys_SetArgvEx`, allows
embedders of the interpreter to set sys.argv without also modifying
sys.path.  This helps fix `CVE-2008-5983
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983>`_.

Python/sysmodule.c

diff --git a/Python/sysmodule.c b/Python/sysmodule.c
index 7cfa15d..97ce8cd 100644
--- a/Python/sysmodule.c
+++ b/Python/sysmodule.c
@@ -1649,7 +1649,7 @@
 }
 
 void
-PySys_SetArgv(int argc, char **argv)
+PySys_SetArgvEx(int argc, char **argv, int updatepath)
 {
 #if defined(HAVE_REALPATH)
     char fullpath[MAXPATHLEN];
@@ -1662,7 +1662,7 @@
         Py_FatalError("no mem for sys.argv");
     if (PySys_SetObject("argv", av) != 0)
         Py_FatalError("can't assign sys.argv");
-    if (path != NULL) {
+    if (updatepath && path != NULL) {
         char *argv0 = argv[0];
         char *p = NULL;
         Py_ssize_t n = 0;
@@ -1752,6 +1752,12 @@
     Py_DECREF(av);
 }
 
+void
+PySys_SetArgv(int argc, char **argv)
+{
+    PySys_SetArgvEx(argc, argv, 1);
+}
+
 
 /* APIs to write to sys.stdout or sys.stderr using a printf-like interface.
    Adapted from code submitted by Just van Rossum.