[Python-Dev] PyArg_ParseTupe(): parse unsigned integer and check for overflow

Nadeem Vawda nadeem.vawda at gmail.com
Sat Jun 29 17:16:46 CEST 2013


On Thu, Jun 27, 2013 at 12:07 AM, Victor Stinner
<victor.stinner at gmail.com>wrote:

> I would to parse an integer in [0; UINT_MAX] to fix the zlib module on
> 64-bit system:
> http://bugs.python.org/issue18294
>
> How should I implement that? Use "O" format and then use
> PyLong_Check(), PyLong_AsLong(), and check value <= UINT_MAX?
>

I ran into the same problem in the _lzma module. My solution was to define
a custom converter that does an explicit check before returning the value
(see http://hg.python.org/cpython/file/default/Modules/_lzmamodule.c#l134).

On Thu, Jun 27, 2013 at 12:26 AM, Guido van Rossum <guido at python.org> wrote:

> > I would to parse an integer in [0; UINT_MAX] to fix the zlib module on
> > 64-bit system:
> > http://bugs.python.org/issue18294
> >
> > How should I implement that? Use "O" format and then use
> > PyLong_Check(), PyLong_AsLong(), and check value <= UINT_MAX?
>
> Why can't you use the K format? It won't reject out-of-range values,
> but it will convert them to in-range so there aren't any attacks
> possible based on bypassing the range check. I'm probably
> misunderstanding something -- I don't completely understand that bug
> report. :-(


The point is not to protect against deliberate attacks, but rather to fail
loudly (instead of silently) when the caller provides an input that the
underlying C library cannot handle.

- Nadeem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20130629/59b000a4/attachment.html>


More information about the Python-Dev mailing list