[Python-Dev] sprintf() usage (Re: mysnprintf broken)
Martin v. Loewis
martin@v.loewis.de
Tue, 27 Nov 2001 21:18:05 +0100
> Grepping through the Python source code there are 191
> usages of sprintf() -- shouldn't these be modified to
> use PyOS_snprintf() instead ?
Not necessarily. sprintf is perfectly ok if used correctly (i.e. if
you can guarantee an upper bound on the resulting string length, and
compute this bound either statically or dynamically).
> Python/getargs.c would be a particularly important case
> to fix, since the sprintf()s in there are not protected
> against buffer overflows -- it seems that long function
> names could be used to exploit this, e.g. in multi-user
> environments like Zope to obtain admin priviledges.
That indeed appears to be the case. However, given
char buf[256];
sprintf(p, "%s() ", fname);
I think the correct reformulation should be
char buf[256];
sprintf(p, "%.100s() ", fname);
In seterror, you add then a number of strings containing each a %d
(adding 20 bytes worst-case each), where the loop should terminate if
there are only, say, 140 bytes left; the final printf could then use
%.100s.
Alternatively, you could use "%.*s" through-out, operating with the
lengths of the strings themselves.
Regards,
Martin