[issue20937] test_socket: buffer overflow in sock_recvmsg_guts
Jeffrey Walton
report at bugs.python.org
Sat Mar 15 20:19:21 CET 2014
Jeffrey Walton added the comment:
This does not look quite right from Modules/sockewtmodule.c.
/* Fill in an iovec for each item, and save the Py_buffer
structs to release afterwards. */
if (nitems > 0 && ((iovs = PyMem_New(struct iovec, nitems)) == NULL ||
(bufs = PyMem_New(Py_buffer, nitems)) == NULL)) {
PyErr_NoMemory();
goto finally;
}
for (; nbufs < nitems; nbufs++) {
if (!PyArg_Parse(PySequence_Fast_GET_ITEM(fast, nbufs),
"w*;recvmsg_into() argument 1 must be an iterable "
"of single-segment read-write buffers",
&bufs[nbufs]))
goto finally;
iovs[nbufs].iov_base = bufs[nbufs].buf;
iovs[nbufs].iov_len = bufs[nbufs].len;
}
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20937>
_______________________________________
More information about the Python-bugs-list
mailing list