[Python-Dev] Overflow in socketmodule.c?
Gustavo J. A. M. Carneiro
gjc at inescporto.pt
Thu Nov 4 16:56:07 CET 2004
Qui, 2004-11-04 às 10:38 -0500, Mihai Ibanescu escreveu:
> Hello,
>
> Can someone confirm this is indeed an overflow by one in socketmodule.c?
>
>
> static PyObject *
> socket_inet_ntop(PyObject *self, PyObject *args)
> {
> int af;
> char* packed;
> int len;
> const char* retval;
> #ifdef ENABLE_IPV6
> char ip[MAX(INET_ADDRSTRLEN, INET6_ADDRSTRLEN) + 1];
> #else
> char ip[INET_ADDRSTRLEN + 1];
> #endif
>
> /* Guarantee NUL-termination for PyString_FromString() below */
> memset((void *) &ip[0], '\0', sizeof(ip) + 1);
>
>
> If it is I'll go ahead and file it.
Indeed, looks like buffer overflow to me..
>
> Thanks,
> Misa
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> http://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: http://mail.python.org/mailman/options/python-dev/gjc%40inescporto.pt
--
Gustavo J. A. M. Carneiro
<gjc at inescporto.pt> <gustavo at users.sourceforge.net>
The universe is always one step beyond logic.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3086 bytes
Desc: not available
Url : http://mail.python.org/pipermail/python-dev/attachments/20041104/2ddbd9ea/smime.bin
More information about the Python-Dev
mailing list