From 084f80b82c564c8a3cef26fc6e56da188a379be2 Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
 <31488909+miss-islington@users.noreply.github.com>
Date: Wed, 27 Sep 2017 09:21:33 -0700
Subject: [3.6] bpo-31588: Validate return value of __prepare__() methods
 (GH-3790)

Class execution requires that __prepare__() methods return
a proper execution namespace. Check for that immediately
after calling __prepare__(), rather than passing it through
to the code execution machinery and potentially triggering
SystemError (in debug builds) or a cryptic TypeError
(in release builds).

Patch by Oren Milman.
(cherry picked from commit 5837d0418f47933b2e3c139bdee8a79c248a943c)
---
 Python/bltinmodule.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'Python/bltinmodule.c')

diff --git a/Python/bltinmodule.c b/Python/bltinmodule.c
index 911e2ba79e..1960a095b8 100644
--- a/Python/bltinmodule.c
+++ b/Python/bltinmodule.c
@@ -167,6 +167,13 @@ builtin___build_class__(PyObject *self, PyObject *args, PyObject *kwds)
         Py_DECREF(bases);
         return NULL;
     }
+    if (!PyMapping_Check(ns)) {
+        PyErr_Format(PyExc_TypeError,
+                     "%.200s.__prepare__() must return a mapping, not %.200s",
+                     isclass ? ((PyTypeObject *)meta)->tp_name : "<metaclass>",
+                     Py_TYPE(ns)->tp_name);
+        goto error;
+    }
     cell = PyEval_EvalCodeEx(PyFunction_GET_CODE(func), PyFunction_GET_GLOBALS(func), ns,
                              NULL, 0, NULL, 0, NULL, 0, NULL,
                              PyFunction_GET_CLOSURE(func));
-- 
cgit v1.2.1