diff options
| author | scoder <stefan_ml@behnel.de> | 2018-03-24 06:56:41 +0100 |
|---|---|---|
| committer | Serhiy Storchaka <storchaka@gmail.com> | 2018-03-24 07:56:41 +0200 |
| commit | 0694b6a651ba2a53f6323ffb3b23358f43885815 (patch) | |
| tree | 48b05b1290adfc361e50f99382b0f451fd9b2a40 /Modules | |
| parent | 1ce4e5bee6df476836f799456f2caf77cd13dc97 (diff) | |
| download | cpython-git-0694b6a651ba2a53f6323ffb3b23358f43885815.tar.gz | |
bpo-31544: Avoid calling "PyObject_GetAttrString()" (and potentially executing user code) with a live exception set. (GH-3992)
Diffstat (limited to 'Modules')
| -rw-r--r-- | Modules/_elementtree.c | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c index 574559c631..7f0e609340 100644 --- a/Modules/_elementtree.c +++ b/Modules/_elementtree.c @@ -2510,6 +2510,18 @@ expat_unknown_encoding_handler(XMLParserObject *self, const XML_Char *name, /* -------------------------------------------------------------------- */ /* constructor and destructor */ +static int +ignore_attribute_error(PyObject *value) +{ + if (value == NULL) { + if (!PyErr_ExceptionMatches(PyExc_AttributeError)) { + return -1; + } + PyErr_Clear(); + } + return 0; +} + static PyObject* xmlparser(PyObject* self_, PyObject* args, PyObject* kw) { @@ -2578,14 +2590,33 @@ xmlparser(PyObject* self_, PyObject* args, PyObject* kw) self->target = target; self->handle_xml = PyObject_GetAttrString(target, "xml"); + if (ignore_attribute_error(self->handle_xml)) { + return NULL; + } self->handle_start = PyObject_GetAttrString(target, "start"); + if (ignore_attribute_error(self->handle_start)) { + return NULL; + } self->handle_data = PyObject_GetAttrString(target, "data"); + if (ignore_attribute_error(self->handle_data)) { + return NULL; + } self->handle_end = PyObject_GetAttrString(target, "end"); + if (ignore_attribute_error(self->handle_end)) { + return NULL; + } self->handle_comment = PyObject_GetAttrString(target, "comment"); + if (ignore_attribute_error(self->handle_comment)) { + return NULL; + } self->handle_pi = PyObject_GetAttrString(target, "pi"); + if (ignore_attribute_error(self->handle_pi)) { + return NULL; + } self->handle_close = PyObject_GetAttrString(target, "close"); - - PyErr_Clear(); + if (ignore_attribute_error(self->handle_close)) { + return NULL; + } /* configure parser */ EXPAT(SetUserData)(self->parser, self); |