Vulnerability Development mailing list archives

Re: Buffer overflow in Python code


From: Chris Ess <azarin () tokimi net>
Date: Sun, 25 Nov 2001 13:05:14 -0500 (EST)

> I've found a buffer overflow in Python 2.1.1 source code. (Maybe
> there're many others.) The buffer overflow is in the file traceback.c
> in the directory Python of the Python source code.
>
> Simply, there's a sprintf done in this way:
> sprintf(linebuf,FMT,filename,lineno,name)
> What causes the overflow is the name parameter, which could be > 1000
> (linebuf size). Alex Martelli <aleax () aleax it> has submitted the bug
> on sourceforge as 485175, and produced the following script to
> demonstrate the overflow:

Using the supplied script, I did achieve a segfault during the traceback
with Python 2.1.  However, I'm hard-pressed to figure out how one would
exploit this...  After all, the Python binary is rarely SUID or SGID.  (I
know it's not on my system.)

Is this a bug in the code?  Yes.

Is this a security concern?  Right now, I'm inclined to say 'no'.  However,
if it is, I would appreciate being told why.

Sincerely,
Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)
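The pattern under discussion, a fixed-size `linebuf` filled by an unbounded `sprintf` whose `name` argument can exceed the buffer, is the classic stack overwrite, and the fix is a bounded formatter that reports truncation instead of writing past the end. The following C is an added example written for this archive page; it is not code from the thread or from the Python source. The 1000-byte buffer size comes from the quoted message, but the format string `TRACEBACK_FMT`, the function names `format_traceback_line` / `format_into_linebuf`, and the constructed 2000-character name are assumptions made here for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Buffer size taken from the thread (linebuf is 1000 bytes). The exact FMT
 * used in Python 2.1.1's traceback.c is not quoted on the page; this format
 * string is an assumption that reproduces the usual traceback line shape. */
#define LINEBUF_SIZE 1000
#define TRACEBACK_FMT "  File \"%s\", line %d, in %s\n"

/* Original pattern described in the thread (unsafe, never called here):
 *     sprintf(linebuf, FMT, filename, lineno, name);
 * sprintf is told nothing about the size of linebuf, so a `name` longer
 * than the buffer is written straight past its end. */

/* Hardened replacement: bounded formatting with truncation detection.
 * Returns true when the whole line fit, false when it had to be cut short.
 * Even on truncation the buffer holds a NUL-terminated prefix, so a caller
 * can fall back (e.g. drop the name) instead of corrupting adjacent memory. */
bool format_traceback_line(char *buf, size_t bufsz,
                           const char *filename, int lineno, const char *name)
{
    if (bufsz == 0)
        return false;
    int needed = snprintf(buf, bufsz, TRACEBACK_FMT, filename, lineno, name);
    if (needed < 0) {          /* formatting error: leave an empty, valid string */
        buf[0] = '\0';
        return false;
    }
    /* snprintf returns the length the full line would have had, so a value
     * at or beyond bufsz means the output was truncated. */
    return (size_t)needed < bufsz;
}

/* Convenience wrapper over the fixed-size buffer the thread talks about. */
bool format_into_linebuf(char *linebuf, const char *filename, int lineno,
                         const char *name)
{
    return format_traceback_line(linebuf, LINEBUF_SIZE, filename, lineno, name);
}

/* Scenario helpers so the two cases can be checked by return value. */
bool short_name_fits(void)
{
    char linebuf[LINEBUF_SIZE];
    return format_into_linebuf(linebuf, "x.py", 7, "f");
}

/* Constructed input: a 2000-character function name, twice the buffer. */
bool long_name_fits(size_t *len_after_call)
{
    char linebuf[LINEBUF_SIZE];
    char longname[2001];
    memset(longname, 'A', 2000);
    longname[2000] = '\0';
    bool fit = format_into_linebuf(linebuf, "x.py", 7, longname);
    if (len_after_call)
        *len_after_call = strlen(linebuf);   /* buffer is still NUL-terminated */
    return fit;
}

int main(void)
{
    size_t len = 0;
    printf("short name fits: %s\n", short_name_fits() ? "yes" : "no");
    printf("2000-char name fits: %s (strlen after call: %zu)\n",
           long_name_fits(&len) ? "yes" : "no", len);
    return 0;
}
```

The point of the example is the return value: with `sprintf` the over-long name silently corrupts memory; with the bounded version the same input yields `false` and a 999-character, NUL-terminated prefix, which is what a defender wants the traceback printer to do.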
