[Python-Dev] Overflow in socketmodule.c?
Mihai Ibanescu
misa at redhat.com
Thu Nov 4 18:47:26 CET 2004
On Thu, Nov 04, 2004 at 03:56:07PM +0000, Gustavo J. A. M. Carneiro wrote:
> Thu, 2004-11-04 at 10:38 -0500, Mihai Ibanescu wrote:
> > Hello,
> >
> > Can someone confirm this is indeed an overflow by one in socketmodule.c?
> >
> >
> > static PyObject *
> > socket_inet_ntop(PyObject *self, PyObject *args)
> > {
> >     int af;
> >     char* packed;
> >     int len;
> >     const char* retval;
> > #ifdef ENABLE_IPV6
> >     char ip[MAX(INET_ADDRSTRLEN, INET6_ADDRSTRLEN) + 1];
> > #else
> >     char ip[INET_ADDRSTRLEN + 1];
> > #endif
> >
> >     /* Guarantee NUL-termination for PyString_FromString() below */
> >     memset((void *) &ip[0], '\0', sizeof(ip) + 1);
> >
> >
> > If it is I'll go ahead and file it.
>
> Indeed, looks like a buffer overflow to me.
Filed as SF bug 105470
Misa
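
The off-by-one discussed in this thread, shown as an added example that is not part of the original messages or of the CPython source. It models ip[] and the byte that follows it inside one array so the extra write can be observed safely; ADDRSTRLEN, GUARD, struct frame and the function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for MAX(INET_ADDRSTRLEN, INET6_ADDRSTRLEN); an assumption. */
#define ADDRSTRLEN 46
#define IP_SIZE (ADDRSTRLEN + 1)  /* same sizing as the quoted ip[] declaration */
#define GUARD 0xA5                /* constructed marker for the byte after ip[] */

/* One array models the stack frame: IP_SIZE bytes of ip[] plus one neighbour
 * byte, so the extra write stays inside defined memory and can be checked. */
struct frame {
    unsigned char bytes[IP_SIZE + 1];
};

/* Clears n bytes starting at ip[0]; returns 1 only if ip[] is fully zeroed
 * and the neighbour byte is untouched. */
static int clear_and_check(size_t n)
{
    struct frame f;
    size_t i;

    memset(f.bytes, 0xFF, IP_SIZE);   /* ip[] starts out as non-zero junk */
    f.bytes[IP_SIZE] = GUARD;         /* neighbour that must not be written */

    memset(f.bytes, '\0', n);         /* the call under test */

    for (i = 0; i < IP_SIZE; i++)
        if (f.bytes[i] != 0)
            return 0;
    return f.bytes[IP_SIZE] == GUARD;
}

/* Length as in the quoted code: sizeof(ip) + 1 reaches one byte past ip[]. */
int clear_as_quoted(void) { return clear_and_check(IP_SIZE + 1); }

/* Length bounded by the buffer itself: sizeof(ip). */
int clear_bounded(void) { return clear_and_check(IP_SIZE); }

int main(void)
{
    printf("as quoted: %d, bounded: %d\n", clear_as_quoted(), clear_bounded());
    return 0;
}
```

The array is already declared one byte larger than the address-string length, so clearing exactly sizeof(ip) bytes is enough to guarantee the NUL terminator the comment asks for.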