[Patches] [ python-Patches-1698723 ] Help with Python codebase
SourceForge.net
noreply at sourceforge.net
Wed Apr 11 21:13:59 CEST 2007
Patches item #1698723, was opened at 2007-04-11 19:11
Message generated for change (Comment added) made by gbrandl
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1698723&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Core (C code)
Group: None
>Status: Closed
>Resolution: Invalid
Priority: 5
Private: No
Submitted By: Munawar (munawar2007)
Assigned to: Nobody/Anonymous (nobody)
Summary: Help with Python codebase
Initial Comment:
Hi,
I am a Ph.D. student at UIUC working with Professor Ralph Johnson. My research interest is security and software architecture. At this point, I am surveying existing software architecture for buffer overflow vulnerability protection.
I need some help understanding the Python codebase. In particular I have three questions.
1. Does the C code use the string library functions (strcpy, strcat, gets etc)?
2. Or does it use some sort of buffer bounds checking, either by rewriting the string library, or checking before every buffer operation?
3. Is the bounds checking available from the first release, or it has been included in a subsequent release? How did the development team go about making this change in the code?
Any information would be greatly appreciated. Thanks in advance.
Munawar Hafiz
UIUC
https://netfiles.uiuc.edu/mhafiz/www/
----------------------------------------------------------------------
>Comment By: Georg Brandl (gbrandl)
Date: 2007-04-11 19:13
Message:
Logged In: YES
user_id=849994
Originator: NO
Please post such questions on the python-dev mailing list, to be found at
<http://mail.python.org/mailman/listinfo/python-dev>.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1698723&group_id=5470
More information about the Patches
mailing list