Login | Register For Free | Help	Search this list this category for: (Advanced)

Mailing List Archive: Python: Bugs [ python-Bugs-1576861 ] potential buffer overflow in complexobject.c   Index | Next | Previous | View Flat

noreply at sourceforge Oct 13, 2006, 2:06 PM Views: 293 Permalink [ python-Bugs-1576861 ] potential buffer overflow in complexobject.c Bugs item #1576861, was opened at 2006-10-13 22:06 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1576861&group_id=5470 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Python Interpreter Core Group: Python 2.4 Status: Open Resolution: None Priority: 5 Submitted By: Jochen Voss (jvoss2) Assigned to: Nobody/Anonymous (nobody) Summary: potential buffer overflow in complexobject.c Initial Comment: python version 2.4.3 Hello, recently I came across the following bit of code in the source file Objects/complexobject.c: static void complex_to_buf(char *buf, int bufsz, PyComplexObject *v, int precision) { char format[32]; if (v->cval.real == 0.) { PyOS_snprintf(format, 32, "%%.%ig", precision); PyOS_ascii_formatd(buf, bufsz, format, v->cval.imag); strncat(buf, "j", bufsz); The strncat statement in the last line is potentially unsafe: the size argument of strncat determines how many characters are to be added maxmimally and not how large the buffer is in total. Also there needs to be space for an additional '\0' byte. This seems currently not exploitable, because the function 'complex_to_buf' is always called with a large enough buffer, but it should be fixed any way (for example to make sure that nobody copies this code for use in another context). I hope this helps, Jochen ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1576861&group_id=5470 _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

Subject User Time [ python-Bugs-1576861 ] potential buffer overflow in complexobject.c noreply at sourceforge Oct 13, 2006, 2:06 PM     [ python-Bugs-1576861 ] potential buffer overflow in complexobject.c noreply at sourceforge Oct 19, 2006, 2:44 PM     [ python-Bugs-1576861 ] potential buffer overflow in complexobject.c noreply at sourceforge Oct 19, 2006, 11:40 PM

Index | Next | Previous | View Flat   Python     Announce     Python     Dev     Bugs     Checkins

Interested in having your list archived? Contact lists@gossamer-threads.com
 

Web Applications & Managed Hosting Powered by Gossamer Threads Inc.