[Patches] [ python-Patches-1200134 ] buffer overflow in _cursesmodule.c
SourceForge.net
noreply at sourceforge.net
Wed May 11 22:15:09 CEST 2005
Patches item #1200134, was opened at 2005-05-11 22:15
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1200134&group_id=5470
Category: Modules
Group: Python 2.4
Status: Open
Resolution: None
Priority: 5
Submitted By: Jan Michael Hülsbergen (avu)
Assigned to: Nobody/Anonymous (nobody)
Summary: buffer overflow in _cursesmodule.c
Initial Comment:
In PyCursesWindow_GetStr(), a buffer with a fixed size of 1024 bytes
is used for reading the input from the user. This leads to a buffer
overflow.
If the user does not provide a limit to win.getstr(), wgetstr() is used,
enforcing no limit at all; if the user provides a limit, it can be greater
than 1024, leading to the same problem.
My patch replaces the buffer with a dynamically allocated one; if the
user does not provide a limit, the maximum is still 1024.
----------------------------------------------------------------------
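The sizing problem described in the report, as an added example that is not part of the original message or of the submitted patch. It is a curses-free C model: `typed_input`, `constructed_input`, `overflows_fixed_buffer` and `getstr_bounded` are hypothetical names, and treating the 1024 default as a character count with one extra byte for the NUL is an assumption.

```c
#include <stdlib.h>
#include <string.h>

#define FIXED_BUF     1024  /* fixed buffer size named in the report */
#define DEFAULT_LIMIT 1024  /* assumption: default cap counts characters */

/* Constructed stand-in for what the user types at the terminal. */
struct typed_input { char *data; size_t len; };

/* Builds constructed sample input: len copies of 'A'. */
struct typed_input constructed_input(size_t len)
{
    struct typed_input in = { malloc(len + 1), len };
    if (in.data == NULL) abort();
    memset(in.data, 'A', len);
    in.data[len] = '\0';
    return in;
}

/* Bytes (text plus NUL) the fixed-buffer design would store.
   limit < 0 models getstr() called without a limit: an unbounded read. */
size_t bytes_stored_unbounded(struct typed_input in, long limit)
{
    size_t n = in.len;
    if (limit >= 0 && (size_t)limit < n)
        n = (size_t)limit;
    return n + 1;
}

/* Nonzero when that store would run past the 1024-byte buffer. */
int overflows_fixed_buffer(struct typed_input in, long limit)
{
    return bytes_stored_unbounded(in, limit) > FIXED_BUF;
}

/* Bounded shape: size the buffer from the limit and never copy past it.
   Returns a malloc'd NUL-terminated string, or NULL if allocation fails. */
char *getstr_bounded(struct typed_input in, long limit)
{
    size_t cap = limit < 0 ? DEFAULT_LIMIT : (size_t)limit;
    char *buf = malloc(cap + 1);            /* +1 for the NUL */
    size_t n = in.len < cap ? in.len : cap; /* the bound wgetnstr() applies */
    if (buf == NULL)
        return NULL;
    memcpy(buf, in.data, n);
    buf[n] = '\0';
    return buf;
}
```

In real curses code the bounded read is `wgetnstr(win, buf, cap)`, which stops accepting characters at `cap`; the model copies from a constructed string instead so it runs without a terminal.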