Vulnerability Development mailing list archives
Re: Buffer overflow in Python code
From: Chris Ess <azarin () tokimi net>
Date: Sun, 25 Nov 2001 13:05:14 -0500 (EST)
I've found a buffer overflow in the Python 2.1.1 source code. (Maybe there're many others.) The buffer overflow is in the file traceback.c in the directory Python of the Python source code. Simply, there's a sprintf done in this way:

    sprintf(linebuf,FMT,filename,lineno,name)

What causes the overflow is the name parameter, which could be > 1000 (linebuf size).

Alex Martelli <aleax () aleax it> has submitted the bug on sourceforge as 485175, and produced the following script to demonstrate the overflow:
Using the supplied script, I did achieve a segfault during the traceback with Python 2.1. However, I'm hard-pressed to figure out how one would exploit this... After all, the Python binary is rarely SUID or SGID. (I know it's not on my system.)

Is this a bug in the code? Yes. Is this a security concern? Right now, I'm inclined to say 'no'. However, if it is, I would appreciate being told why.

Sincerely,
Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)
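
Added example, not part of the original post or of the Python source: the sprintf pattern discussed in this thread, with the size the unbounded format would need computed without writing anything, beside a bounded replacement. The two format strings, the 500/400 precision limits and all function names are assumptions; only the 1000-byte linebuf size comes from the post.

```c
/* Added example. LINEBUF_SIZE is from the post; format strings are assumed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LINEBUF_SIZE 1000
/* Assumed shape of FMT: nothing limits how many bytes of name are copied. */
#define FMT_UNBOUNDED "  File \"%s\", line %d, in %s\n"
/* Hardened: precisions cap each string, worst case is 933 bytes plus NUL. */
#define FMT_BOUNDED   "  File \"%.500s\", line %d, in %.400s\n"

/* Bytes (excluding NUL) the unbounded format would write; writes nothing. */
int bytes_needed_unbounded(const char *filename, int lineno, const char *name)
{
    return snprintf(NULL, 0, FMT_UNBOUNDED, filename, lineno, name);
}

/* Format into out[outsz]. Returns 0 if it fit, 1 if a field was cut, -1 on error. */
int format_line_bounded(char *out, size_t outsz,
                        const char *filename, int lineno, const char *name)
{
    int n = snprintf(out, outsz, FMT_BOUNDED, filename, lineno, name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;                      /* encoding error or buffer too small */
    return (strlen(filename) > 500 || strlen(name) > 400) ? 1 : 0;
}

/* Constructed input: a function name of len 'A' characters. Caller frees. */
char *make_name(size_t len)
{
    char *s = malloc(len + 1);
    if (s == NULL) return NULL;
    memset(s, 'A', len);
    s[len] = '\0';
    return s;
}

int main(void)
{
    char linebuf[LINEBUF_SIZE];
    char *name = make_name(5000);       /* constructed over-long name */
    if (name == NULL) return 1;
    printf("unbounded format needs %d bytes, linebuf holds %d\n",
           bytes_needed_unbounded("t.py", 1, name), LINEBUF_SIZE);
    int rc = format_line_bounded(linebuf, sizeof linebuf, "t.py", 1, name);
    printf("bounded rc=%d, wrote %zu bytes\n", rc, strlen(linebuf));
    free(name);
    return 0;
}
```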
Current thread:
- Buffer overflow in Python code Giorgio (Nov 25)
- Re: Buffer overflow in Python code Chris Ess (Nov 25)
- Re: Buffer overflow in Python code Ryan Permeh (Nov 26)
- Re: Buffer overflow in Python code Florian Weimer (Nov 26)