[Python-bugs-list] [ python-Bugs-486530 ] replace sprintf with PyOS_snprintf

noreply@sourceforge.net noreply@sourceforge.net
Mon, 03 Dec 2001 13:24:35 -0800


Bugs item #486530, was opened at 2001-11-28 09:08
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=486530&group_id=5470

Category: Python Interpreter Core
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Jeremy Hylton (jhylton)
>Assigned to: Jack Jansen (jackjansen)
Summary: replace sprintf with PyOS_snprintf

Initial Comment:
Some or all of the sprintf calls we make are vulnerable
to buffer overflows.  A few of these calls use
stack-allocated buffers, which are real security problems.

MAL has fixed three of them, but if we're going to fix
any we need to fix them all.

We'll try to finish this task as soon as possible.
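As an added illustration of the problem class this report describes (not code from CPython or from anyone on the thread): the unbounded pattern is a fixed stack buffer filled by sprintf, where nothing stops a long argument from running past the end of the buffer. The hardened form passes the buffer size, checks the return value for truncation, and, where truncation is not acceptable, sizes the buffer first. C99 snprintf stands in for PyOS_snprintf here so the file compiles without Python.h; the function names, the 32-byte buffer and the 63-character sample name are all constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The pattern the bug report warns about: the caller hands over a fixed
   stack buffer and sprintf writes the full expansion into it, however long
   `name` is. Kept here only for contrast; nothing below calls it. */
void describe_unbounded(char *out, const char *name)
{
    sprintf(out, "module '%s' not found", name);          /* UNSAFE: no bound */
}

/* Hardened form. A C99-style snprintf (PyOS_snprintf has the same contract)
   writes at most outsz bytes, NUL-terminates when outsz > 0, and returns the
   length the full output would have had, so rv >= outsz means truncation.
   Returns 0 when the message fit, 1 when it was truncated, -1 on error. */
int describe_bounded(char *out, size_t outsz, const char *name)
{
    int rv = snprintf(out, outsz, "module '%s' not found", name);
    if (rv < 0)
        return -1;
    if ((size_t)rv >= outsz)
        return 1;
    return 0;
}

/* Two-pass variant for callers that must not lose data: measure the output
   with a zero-size call, allocate exactly that, then format. Caller frees. */
char *describe_alloc(const char *name)
{
    int need = snprintf(NULL, 0, "module '%s' not found", name);
    if (need < 0)
        return NULL;
    char *buf = malloc((size_t)need + 1);
    if (buf == NULL)
        return NULL;
    snprintf(buf, (size_t)need + 1, "module '%s' not found", name);
    return buf;
}

/* Constructed sample input: a 63-character name against a 32-byte buffer.
   Returns 1 when truncation is reported and the buffer is still a valid,
   in-bounds NUL-terminated string. */
int demo_long_name_truncated(void)
{
    char name[64];
    char buf[32];
    memset(name, 'A', 63);
    name[63] = '\0';
    int rc = describe_bounded(buf, sizeof buf, name);
    return rc == 1 && strlen(buf) == sizeof buf - 1;
}

/* Constructed sample input: a short name that fits with room to spare. */
int demo_short_name_fits(void)
{
    char buf[32];
    return describe_bounded(buf, sizeof buf, "os") == 0
        && strcmp(buf, "module 'os' not found") == 0;
}

/* The allocating variant yields the whole message for the long name. */
int demo_alloc_exact(void)
{
    char name[64];
    memset(name, 'A', 63);
    name[63] = '\0';
    char *msg = describe_alloc(name);
    if (msg == NULL)
        return 0;
    int ok = strlen(msg) == 63 + strlen("module '' not found");
    free(msg);
    return ok;
}

int main(void)
{
    printf("short name fits: %d\n", demo_short_name_fits());
    printf("long name truncated safely: %d\n", demo_long_name_truncated());
    printf("allocating variant exact: %d\n", demo_alloc_exact());
    return 0;
}
```

The return-value check matters as much as the bound itself: a bounded write that silently truncates can still corrupt program logic (a path or identifier cut short), which is why the two-pass variant exists for the cases where the full text is required.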


----------------------------------------------------------------------

>Comment By: Tim Peters (tim_one)
Date: 2001-12-03 13:24

Message:
Logged In: YES 
user_id=31435

Reassigned this to Jack.  The list Guido gave was derived 
from a list I gave him, and it didn't include any files 
under the Mac directory:

C:\Code\python\Mac>findstr /m /s sprintf *.c
compat\getwd.c
modules\calldll.c
modules\macfsmodule.c
modules\cf\_cfmodule.c
modules\ctl\_ctlmodule.c
modules\win\_winmodule.c
modules\hfsplusmodule.c
python\macimport.c


----------------------------------------------------------------------

Comment By: Guido van Rossum (gvanrossum)
Date: 2001-12-03 13:10

Message:
Logged In: YES 
user_id=6380

Most of this is done.  There are a few cases left, some
intentionally (and carefully analyzed). I won't close it
yet, but I see no need for the high priority now.

sprintf is still used in:

drawfmodule.c (RISCOS\Modules) -- unsafe, only affects one
platform
getbuildinfo.c (Modules) -- safe
getnameinfo.c (Modules) -- safe
grammar1.c (Parser) -- safe
mactoolboxglue.c (Python) -- safe
stringobject.c (Objects) -- safe
strtod.c (Python) -- probably safe; AFAICT this file is
unused (?)


----------------------------------------------------------------------
