buffer overflow

donoli eat at joes.com
Sat Jan 18 03:38:27 CET 2003


On Thu, 16 Jan 2003 23:47:02 -0500, Tim Peters <tim.one at comcast.net>
wrote:

>[donoli]
>> I have two machines, FreeBSD 4,2  and  W2K pro.  I'd like to test the
>> security on both of them against a buffer overflow.  If someone has
>> the code in python for a buffer overflow, please post it.
>> donoli.
>
>[Martin v. Loewis]
>> Python does not support buffer overflows, sorry.
>
>[pmaney at pobox.com]
>> I'm sure they could be added by a C extension module.
>
>They already were, and, curiously enough, by the builtin bufferobject.c.
>That supplies the builtin, little understood, and easily abused buffer
>object.  For fun, run this:
>
>"""
>from array import array
>from random import randrange
>
>i = 0
>while 1:
>    i += 1
>    print i,
>    a = array('c', 'x' * randrange(10000))
>    b = buffer(a)
>    a.extend(array('c', 'y' * randrange(10000)))
>    c = list(b)
>"""
>
>Chances are high it will die with a segfault before going around the loop 20
>times, because the buffer object created by buffer() can be left pointing at
>freed memory by the array object guts getting reallocated, and then list(b)
>ends up reading God-only-knows-what from the stale buffer object.  Some of
>the smartest people I know have refused to fix this <wink>.
>
#######################
On W2K the code just forced python to close.  It didn't hang the
machine.  On FreeBSD it gave me some errors.  Here they are:
from: can't  read /vasr/mail/array
from: can't read /var/mail/random
9: Syntax error: '(' unexpected (expecting 'do')

I also tried it as a remote exploit from one machine to another which
was my original intention but I failed to mention it in my original
post.  I wanted to find some code where I could do something like:
python buffer.py > 192.160.0.2    That also forced python to close.

Is there a way to do something like that?  Also, can you explain
bufferobject.c?

Thanks 
donoli.
#######################
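
The stale-pointer condition Tim Peters describes in the quoted text (a view left pointing at storage the array has reallocated) is what export tracking in the later buffer protocol guards against. As an added example, not part of the original thread and written for Python 3 (where `memoryview` takes the place of `buffer()`), the same resize-while-viewed pattern is refused with `BufferError` instead of leaving a dangling view; the function names are hypothetical.

```python
from array import array
from random import Random


def try_resize_while_viewed(n_initial, n_extra):
    """Repeat the thread's pattern: take a view of an array, then grow the array.

    Returns (resize_blocked, stale_use_rejected, snapshot_len, final_len).
    """
    a = array('b', b'x' * n_initial)
    view = memoryview(a)              # Python 3 counterpart of buffer(a)
    try:
        a.extend(array('b', b'y' * n_extra))   # growing would move the storage
        resize_blocked = False
    except BufferError:
        # The array counts live exports and refuses to resize under them.
        resize_blocked = True
    snapshot = bytes(view)            # safe read: the storage has not moved
    view.release()                    # drop the export explicitly
    try:
        bytes(view)                   # a released view must not be readable
        stale_use_rejected = False
    except ValueError:
        stale_use_rejected = True
    if resize_blocked:
        a.extend(array('b', b'y' * n_extra))   # allowed once no view is live
    return resize_blocked, stale_use_rejected, len(snapshot), len(a)


def run_trials(trials=200, seed=2003):
    """Randomised sizes, as in the original loop; returns how many resizes were refused."""
    rng = Random(seed)                # constructed, reproducible sample sizes
    refused = 0
    for _ in range(trials):
        n0 = rng.randrange(10000)
        n1 = rng.randrange(1, 10000)  # at least 1 so the length really changes
        blocked, rejected, snap_len, final_len = try_resize_while_viewed(n0, n1)
        if not (rejected and snap_len == n0 and final_len == n0 + n1):
            raise RuntimeError("view and array lengths are inconsistent")
        refused += blocked
    return refused


if __name__ == "__main__":
    print(run_trials(), "of 200 resizes refused while a view was live")
```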




More information about the Python-list mailing list