[security] bpo-13617: Reject embedded null characters in wchar* strings. (#2302) Based on patch by Victor Stinner. Add private C API function _PyUnicode_AsUnicode() which is similar to PyUnicode_AsUnicode(), but checks for null characters.

commit: f7eae0adfcd4c50034281b2c69f461b43b68db84 [log] [tgz]
author: Serhiy Storchaka <storchaka@gmail.com> Wed Jun 28 08:30:06 2017 +0300
committer: GitHub <noreply@github.com> Wed Jun 28 08:30:06 2017 +0300
tree: 02d6a582fd81f615e71c55365f1b37a774fc0a4e
parent: 592eda123329bb5ce2bffcbe3701be6b909f1b2a [diff] [blame]
diff --git a/Modules/pwdmodule.c b/Modules/pwdmodule.c
index 784e9d0..bbef2de 100644
--- a/Modules/pwdmodule.c
+++ b/Modules/pwdmodule.c

@@ -158,6 +158,7 @@
 
     if ((bytes = PyUnicode_EncodeFSDefault(arg)) == NULL)
         return NULL;
+    /* check for embedded null bytes */
     if (PyBytes_AsStringAndSize(bytes, &name, NULL) == -1)
         goto out;
     if ((p = getpwnam(name)) == NULL) {
commit	f7eae0adfcd4c50034281b2c69f461b43b68db84	[log] [tgz]
author	Serhiy Storchaka <storchaka@gmail.com>	Wed Jun 28 08:30:06 2017 +0300
committer	GitHub <noreply@github.com>	Wed Jun 28 08:30:06 2017 +0300
tree	02d6a582fd81f615e71c55365f1b37a774fc0a4e
parent	592eda123329bb5ce2bffcbe3701be6b909f1b2a [diff] [blame]