[Python-bugs-list] [ python-Bugs-486530 ] replace sprintf with PyOS_snprintf
noreply@sourceforge.net
Wed, 05 Dec 2001 15:28:07 -0800
Bugs item #486530, was opened at 2001-11-28 09:08
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=486530&group_id=5470
Category: Python Interpreter Core
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Jeremy Hylton (jhylton)
>Assigned to: Guido van Rossum (gvanrossum)
Summary: replace sprintf with PyOS_snprintf
Initial Comment:
Some or all of the sprintf calls we make are vulnerable
to buffer overflows. A few of these calls use
stack-allocated buffers, which are real security problems.
MAL has fixed three of them, but if we're going to fix
any we need to fix them all.
We'll try to finish this task as soon as possible.
----------------------------------------------------------------------
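The defect the report describes, shown as an added example that is not code from the Python tree: a stack buffer filled by sprintf() with no length argument, next to the bounded form the bug asks for. The my_snprintf() below is a stand-in that assumes the same signature and return-value contract as PyOS_snprintf (always NUL-terminated, return value is the length the complete output would have needed, so rv >= size signals truncation); it is written over vsnprintf so the example builds without Python.h. The 32-byte buffer, the "cannot open %s" message and the 40-character name are constructed for the demonstration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE 32   /* small on purpose so truncation is easy to trigger */

/* Before: the pattern the bug report is about.  sprintf() does not know how
 * large errbuf is; a caller-controlled name longer than about 19 bytes runs
 * off the end of a 32-byte stack buffer.  Kept only to show the shape of the
 * defect; never call it with untrusted input. */
int format_error_unsafe(char *errbuf, const char *name)
{
    return sprintf(errbuf, "cannot open %s", name);
}

/* Stand-in for PyOS_snprintf (assumption: same signature and contract as the
 * Python API; implemented with vsnprintf so this builds without Python.h).
 * Guarantees: str is NUL-terminated whenever size > 0; the return value is
 * the length the complete output would have had, so rv >= size means the
 * output was cut to fit. */
int my_snprintf(char *str, size_t size, const char *fmt, ...)
{
    va_list ap;
    int rv;

    va_start(ap, fmt);
    rv = vsnprintf(str, size, fmt, ap);
    va_end(ap);
    /* C99 vsnprintf already terminates; older _vsnprintf implementations did
     * not, which is one reason the Python tree grew its own wrapper. */
    if (size > 0 && (rv < 0 || (size_t)rv >= size))
        str[size - 1] = '\0';
    return rv;
}

/* After: the bounded replacement.  Returns 1 if the message fit, 0 if it was
 * truncated; errbuf is a valid C string either way.  *needed receives the
 * length the full message would have had, so a caller that cannot tolerate
 * truncation can retry into a heap buffer of needed + 1 bytes. */
int format_error_safe(char *errbuf, size_t size, const char *name, size_t *needed)
{
    int rv = my_snprintf(errbuf, size, "cannot open %s", name);
    if (rv < 0)
        return 0;
    if (needed)
        *needed = (size_t)rv;
    return (size_t)rv < size;
}

/* Audit helper: would a sprintf() of this message into a buffer of `size`
 * bytes have overflowed?  Uses the length-query form (NULL buffer, size 0),
 * which is how one can check an existing call site without executing it. */
int sprintf_would_overflow(size_t size, const char *name)
{
    int rv = snprintf(NULL, 0, "cannot open %s", name);
    return rv < 0 || (size_t)rv + 1 > size;
}

int main(void)
{
    char errbuf[ERRBUF_SIZE];
    /* Constructed input: 40 'A's, well past what a 32-byte buffer can hold. */
    const char *long_name = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    size_t needed = 0;
    int fit = format_error_safe(errbuf, sizeof errbuf, long_name, &needed);

    printf("fit=%d needed=%zu would_overflow=%d errbuf=\"%s\"\n",
           fit, needed, sprintf_would_overflow(sizeof errbuf, long_name), errbuf);
    return 0;
}
```

The point of returning the truncation flag rather than silently clipping is the caveat Guido's later list hints at: a call site marked "safe" is safe only because the inputs were analyzed, so any replacement that can truncate should either be proven unreachable with oversized input or check its return value.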
>Comment By: Jack Jansen (jackjansen)
Date: 2001-12-05 15:28
Message:
Logged In: YES
user_id=45365
The Mac files are either fixed or confirmed harmless, with one exception, Compat/getcwd.c. But this one is not
really part of Python, so using PyOS_snprintf might not be a good idea, and in Python's use cases it seems
harmless.
----------------------------------------------------------------------
Comment By: Tim Peters (tim_one)
Date: 2001-12-03 13:24
Message:
Logged In: YES
user_id=31435
Reassigned this to Jack. The list Guido gave was derived
from a list I gave him, and it didn't include any files
under the Mac directory:
C:\Code\python\Mac>findstr /m /s sprintf *.c
compat\getwd.c
modules\calldll.c
modules\macfsmodule.c
modules\cf\_cfmodule.c
modules\ctl\_ctlmodule.c
modules\win\_winmodule.c
modules\hfsplusmodule.c
python\macimport.c
----------------------------------------------------------------------
Comment By: Guido van Rossum (gvanrossum)
Date: 2001-12-03 13:10
Message:
Logged In: YES
user_id=6380
Most of this is done. There are a few cases left, some
intentionally (and carefully analyzed). I won't close it
yet, but I see no need for the high priority now.
sprintf is still used in:
drawfmodule.c (RISCOS\Modules) -- unsafe, only affects one
platform
getbuildinfo.c (Modules) -- safe
getnameinfo.c (Modules) -- safe
grammar1.c (Parser) -- safe
mactoolboxglue.c (Python) -- safe
stringobject.c (Objects) -- safe
strtod.c (Python) -- probably safe; AFAICT this file is
unused (?)
----------------------------------------------------------------------