Commit 3d9af5f1 authored by Julian Andres Klode's avatar Julian Andres Klode
Browse files

arfile.cc: Fix segmentation fault when opening fd, track lifetime

correctly

The lines that created self->Fd and that then made use of it were
swapped, causing a segmentation fault.

Also the life of the file object was tracked incorrectly, causing
the file to be closed if it was a temporary one.

Closes: #977000
parent 8606a7c0
......@@ -434,8 +434,8 @@ static PyObject *ararchive_new(PyTypeObject *type, PyObject *args,
else if ((fileno = PyObject_AsFileDescriptor(file)) != -1) {
// Clear the error set by PyObject_AsString().
PyErr_Clear();
self->Fd = CppPyObject_NEW<FileFd>(NULL, &PyFileFd_Type);
self.reset((PyArArchiveObject*) CppPyObject_NEW<ARArchive*>(file,type));
self.reset((PyArArchiveObject*) CppPyObject_NEW<ARArchive*>(NULL,type));
self->Fd = CppPyObject_NEW<FileFd>(file, &PyFileFd_Type);
new (&self->Fd->Object) FileFd(fileno,false);
}
else {
......
......@@ -36,6 +36,11 @@ class TestCVE_2020_27351(unittest.TestCase):
after = os.listdir("/proc/self/fd")
self.assertEqual(before, after)
def test_regression_bug_977000(self):
"""opening with a file handle should work correctly"""
with open(self.GOOD_DEB) as good_deb:
apt_inst.DebFile(good_deb).control.extractdata("control")
def test_success_a_member(self):
"""fd should be kept around as long as a tarfile member"""
before = os.listdir("/proc/self/fd")
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment