From 9934a8332c31bdcc0380873a4ccfdded806717eb Mon Sep 17 00:00:00 2001
From: Akshat Gupta
Date: Sat, 28 Jun 2025 08:21:48 +0000
Subject: [PATCH 1/3] gh-136062: Buffer Overflow Vulnerability in _Py_wreadlink Function

---
 Python/fileutils.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Python/fileutils.c b/Python/fileutils.c
index 2a3f12d4e872f8..56c07c8e1b7721 100644
--- a/Python/fileutils.c
+++ b/Python/fileutils.c
@@ -2102,7 +2102,8 @@ _Py_wreadlink(const wchar_t *path, wchar_t *buf, size_t buflen)
         errno = EINVAL;
         return -1;
     }
-    wcsncpy(buf, wbuf, buflen);
+    wcsncpy(buf, wbuf, buflen - 1);
+    buf[buflen - 1] = L'\0'; /* Ensure null termination */
     PyMem_RawFree(wbuf);
     return (int)r1;
 }

From 922e98b12e573907f4e3df9aae6f236bd2123f3e Mon Sep 17 00:00:00 2001
From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com>
Date: Sat, 28 Jun 2025 08:24:07 +0000
Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?=
 =?UTF-8?q?rb=5Fit.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../next/Security/2025-06-28-08-24-06.gh-issue-136062.fXKonh.rst | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 Misc/NEWS.d/next/Security/2025-06-28-08-24-06.gh-issue-136062.fXKonh.rst

diff --git a/Misc/NEWS.d/next/Security/2025-06-28-08-24-06.gh-issue-136062.fXKonh.rst b/Misc/NEWS.d/next/Security/2025-06-28-08-24-06.gh-issue-136062.fXKonh.rst
new file mode 100644
index 00000000000000..95c8d714e83c80
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2025-06-28-08-24-06.gh-issue-136062.fXKonh.rst
@@ -0,0 +1 @@
+Fix buffer overflow vulnerability in `_Py_wreadlink` function by ensuring proper null-termination when using `wcsncpy`.

From 41c1eeec3c314b1b5b9023d76447c56162473980 Mon Sep 17 00:00:00 2001
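Review bot: The new `wcsncpy(buf, wbuf, buflen - 1)` and the `buf[buflen - 1] = L'\0'` store are both unguarded against buflen == 0, where the size_t subtraction wraps to SIZE_MAX, the copy becomes unbounded and the store lands far outside buf; nothing in the hunk rejects a zero-length buffer, and the function's opening (including any earlier length check against wbuf) is outside the hunk. If an earlier check already guarantees that the decoded length is below buflen, wcsncpy's NUL padding already terminates the copy and the added line changes nothing; if it does not, a guard such as `if (buflen == 0) { PyMem_RawFree(wbuf); errno = EINVAL; return -1; }` is needed before the copy. The function also still returns r1 after a copy that may now be silently truncated to buflen - 1 characters, so the inline comment should state that rather than only "Ensure null termination": `/* copy at most buflen - 1 characters and NUL-terminate; r1 is the untruncated length */`.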
From: Akshat Gupta
Date: Sat, 28 Jun 2025 08:27:09 +0000
Subject: [PATCH 3/3] Fix rst

---
 .../Security/2025-06-28-08-24-06.gh-issue-136062.fXKonh.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Misc/NEWS.d/next/Security/2025-06-28-08-24-06.gh-issue-136062.fXKonh.rst b/Misc/NEWS.d/next/Security/2025-06-28-08-24-06.gh-issue-136062.fXKonh.rst
index 95c8d714e83c80..9275f949ea6dcf 100644
--- a/Misc/NEWS.d/next/Security/2025-06-28-08-24-06.gh-issue-136062.fXKonh.rst
+++ b/Misc/NEWS.d/next/Security/2025-06-28-08-24-06.gh-issue-136062.fXKonh.rst
@@ -1 +1 @@
-Fix buffer overflow vulnerability in `_Py_wreadlink` function by ensuring proper null-termination when using `wcsncpy`.
+Fix buffer overflow vulnerability in :func:`_Py_wreadlink` function by ensuring proper null-termination when using :c:func:`wcsncpy`.