[Python-Dev] Re: mysnprintf broken
Neil Schemenauer
nas@python.ca
Mon, 26 Nov 2001 06:14:07 -0800
M.-A. Lemburg wrote:
> Note that the version in Python does not result in *stack* overflows
> which are the type of buffer overflow usually used in exploits.
...
> The only attack on this kind of emulation is a denial of service
> attack.
That is a bold statement to make. It is also not true. Heap overflows
_can_ be exploited to execute arbitrary code. I believe there was a
phrack article a few years ago on the subject.
> In the 3 cases where this API is used in Python, an overflow
> is not possible (unless the native sprintf() implementation
> is broken).
That may be the case today but I'm sure that snprintf will start getting
more use now that it is available. We really should have a better
implementation than mysnprintf.
Neil