mirror of
https://github.com/python/cpython
synced 2024-10-14 08:51:20 +00:00
bpo-38945: UU Encoding: Don't let newline in filename corrupt the output format (#17418)
This commit is contained in:
Matthew Rollings
Guido van Rossum
parent
016b0280b8
commit
a62ad4730c
|
|
@ -20,6 +20,10 @@ def uu_encode(input, errors='strict', filename='<data>', mode=0o666):
|
|||
read = infile.read
|
||||
write = outfile.write
|
||||
|
||||
# Remove newline chars from filename
|
||||
filename = filename.replace('\n','\\n')
|
||||
filename = filename.replace('\r','\\r')
|
||||
|
||||
# Encode
|
||||
write(('begin %o %s\n' % (mode & 0o777, filename)).encode('ascii'))
|
||||
chunk = read(45)
|
||||
|
|
|
|||
|
|
@ -136,6 +136,15 @@ def test_garbage_padding(self):
|
|||
decoded = codecs.decode(encodedtext, "uu_codec")
|
||||
self.assertEqual(decoded, plaintext)
|
||||
|
||||
def test_newlines_escaped(self):
|
||||
# Test newlines are escaped with uu.encode
|
||||
inp = io.BytesIO(plaintext)
|
||||
out = io.BytesIO()
|
||||
filename = "test.txt\n\roverflow.txt"
|
||||
safefilename = b"test.txt\\n\\roverflow.txt"
|
||||
uu.encode(inp, out, filename)
|
||||
self.assertIn(safefilename, out.getvalue())
|
||||
|
||||
class UUStdIOTest(unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
|
|
|
|||
|
|
@ -73,6 +73,13 @@ def encode(in_file, out_file, name=None, mode=None, *, backtick=False):
|
|||
name = '-'
|
||||
if mode is None:
|
||||
mode = 0o666
|
||||
|
||||
#
|
||||
# Remove newline chars from name
|
||||
#
|
||||
name = name.replace('\n','\\n')
|
||||
name = name.replace('\r','\\r')
|
||||
|
||||
#
|
||||
# Write the data
|
||||
#
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process.
|
||||
Loading…
Reference in a new issue