
This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in Python's Developer Guide.

classification
Title: Buffer overrun in winreg.c
Type: crash
Components: Interpreter Core
Versions: Python 3.2, Python 3.3, Python 3.4
process
Status: closed
Resolution: fixed
Nosy List: amaury.forgeotdarc, kristjan.jonsson, loewis, python-dev
Priority: normal
Keywords: patch

Created on 2012-04-01 20:24 by kristjan.jonsson, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name: winreg.patch
Uploaded: kristjan.jonsson, 2012-04-01 20:24
Messages (7)
msg157329 - Author: Kristján Valur Jónsson (kristjan.jonsson) (Python committer) Date: 2012-04-01 20:24
I found this issue with the code analyzer in VS2010.
The problem applies to all 3.x versions, but there is no corresponding winreg.c file in 2.x.
Since I'm not sure of the maintenance state of the individual branches, I'm creating this defect hoping for guidance. Which branches should be fixed?
msg157336 - Author: Martin v. Löwis (loewis) (Python committer) Date: 2012-04-01 23:47
The patch looks fine. As it's not a security fix, it should go into 3.2 and default.
msg157344 - Author: Amaury Forgeot d'Arc (amaury.forgeotdarc) (Python committer) Date: 2012-04-02 08:57
In 2.7, the file is named _winreg.c. But the patch does not apply there, because it's using the ANSI (=bytes) API.
msg157345 - Author: Kristján Valur Jónsson (kristjan.jonsson) (Python committer) Date: 2012-04-02 09:16
Thanks.
Martin, what constitutes a security fix for Python? For example, isn't it conceivable that one could place a long key into some registry setting used by python and thus interfere with its stack? Aren't stack buffer overruns a classic security hole?
msg157352 - Author: Martin v. Löwis (loewis) (Python committer) Date: 2012-04-02 12:17
> Martin, what constitutes a security fix for Python? For example, 
> isn't it conceivable that one could place a long key into some 
> registry setting used by python and thus interfere with its stack?
If it has a CVE identifier, it's a security fix. Otherwise, I'd apply
standard risk assessment procedures, and ask the release manager for
judgement.
> Aren't stack buffer overruns a classic security hole?
My personal risk assessment of this issue is that it has a fairly low
risk, as the likelihood of an attack is low. Just placing a key in the
registry is not sufficient as an attack: one would also need a different
user who has a Python application that enumerates this part of the
registry. In that scenario, the user would have to be unprivileged (*), i.e.
would not have write permissions to either HKLM or HKCR. Writing to HKCU
does not constitute a threat, since it would only allow you to crash your own
Python applications.
There may be opportunities where an administrator has a script that
traverses HKEY_USERS while a different user is logged on. Given that the
threat of being discovered is very high for the attacker, and given that
the typical Windows installation does not use concurrent logins, and
given that traversing HKEY_USERS is uncommon, I think the risk of this
threat is really low.
(*) an administrator user could just as well replace the Python DLL,
causing a threat regardless of the winreg module.
msg157353 - Author: Kristján Valur Jónsson (kristjan.jonsson) (Python committer) Date: 2012-04-02 12:30
Thanks for your info/insight, Martin. I'll update 3.2 and 3.3 as you suggest, then.
msg157367 - Author: Roundup Robot (python-dev) (Python triager) Date: 2012-04-02 15:41
New changeset b3639f6aaa2b by Kristján Valur Jónsson in branch '3.2':
Issue #14471: Fix a possible buffer overrun in the winreg module.
http://hg.python.org/cpython/rev/b3639f6aaa2b
New changeset 80d814d7b886 by Kristján Valur Jónsson in branch 'default':
Merge with 3.2 (Issue #14471)
http://hg.python.org/cpython/rev/80d814d7b886 
History
Date                 User                Action  Args
2022-04-11 14:57:28  admin               set     github: 58676
2012-04-02 15:43:02  kristjan.jonsson    set     status: open -> closed; resolution: fixed
2012-04-02 15:41:34  python-dev          set     nosy: + python-dev; messages: + msg157367
2012-04-02 12:30:49  kristjan.jonsson    set     messages: + msg157353
2012-04-02 12:17:43  loewis              set     messages: + msg157352
2012-04-02 09:16:07  kristjan.jonsson    set     messages: + msg157345
2012-04-02 08:57:56  amaury.forgeotdarc  set     nosy: + amaury.forgeotdarc; messages: + msg157344
2012-04-01 23:48:09  loewis              set     versions: - Python 3.1
2012-04-01 23:47:54  loewis              set     messages: + msg157336
2012-04-01 21:54:50  pitrou              set     nosy: + loewis
2012-04-01 20:24:41  kristjan.jonsson    set     title: Buffer oferrun in winreg.c -> Buffer overrun in winreg.c
2012-04-01 20:24:32  kristjan.jonsson    create
