buffer overflow

Tim H tim at frontier.net.nospam
Fri Jan 17 18:57:03 CET 2003


"Tim Peters" <tim.one at comcast.net> wrote in message
news:mailman.1042778911.1136.python-list at python.org...
> [donoli]
> > I have two machines, FreeBSD 4,2  and  W2K pro.  I'd like to test the
> > security on both of them against a buffer overflow.  If someone has
> > the code in python for a buffer overflow, please post it.
> > donoli.
>
> [Martin v. Loewis]
> > Python does not support buffer overflows, sorry.
>
> [pmaney at pobox.com]
> > I'm sure they could be added by a C extension module.
>
> They already were, and, curiously enough, by the builtin bufferobject.c.
> That supplies the builtin, little understood, and easily abused buffer
> object.  For fun, run this:
>
> """
> from array import array
> from random import randrange
>
> i = 0
> while 1:
>     i += 1
>     print i,
>     a = array('c', 'x' * randrange(10000))
>     b = buffer(a)
>     a.extend(array('c', 'y' * randrange(10000)))
>     c = list(b)
> """
>
> Chances are high it will die with a segfault before going around the loop 20
> times, because the buffer object created by buffer() can be left pointing at
> freed memory by the array object guts getting reallocated, and then list(b)
> ends up reading God-only-knows-what from the stale buffer object.  Some of
> the smartest people I know have refused to fix this <wink>.
>
>

Hmmm, a Win2k box got to 14, while Linux got to where I got bored and
CTRL-C'ed it.  Does this mean Linux can count higher than Windows?

Tim (not that one)
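
An added example, not part of the thread: the quoted loop ported to Python 3, where memoryview() takes the place of buffer(). There, array and bytearray count their exported buffers and refuse to resize while one is alive, so the view can never be left pointing at reallocated storage. The function names `grow_while_viewed` and `trial` are made up for this sketch.

```python
from array import array
from random import Random


def grow_while_viewed(container, extra):
    """Try to grow `container` while a memoryview of it is alive.

    Returns (refused, copied_len, final_len, stale_read).
    """
    view = memoryview(container)       # Python 3 counterpart of buffer(a)
    try:
        container.extend(extra)        # growth could realloc the storage
        refused = False
    except BufferError:                # export count > 0: resize rejected
        refused = True
    copied_len = len(list(view))       # same read as list(b), memory still valid
    view.release()                     # drop the export
    container.extend(extra)            # resize is allowed again
    try:
        view.tolist()                  # a released view must not be readable
        stale_read = True
    except ValueError:
        stale_read = False
    return refused, copied_len, len(container), stale_read


def trial(rng):
    """One round of the loop from the post, for array and bytearray."""
    # Sizes start at 1: a zero-length extend is not a resize and is not refused.
    n, m = rng.randrange(1, 10000), rng.randrange(1, 10000)
    rows = []
    for container in (array('B', b'x' * n), bytearray(b'x' * n)):
        rows.append((n, m) + grow_while_viewed(container, b'y' * m))
    return rows


if __name__ == "__main__":
    rng = Random(0)                    # fixed seed, constructed sample sizes
    for i in range(1, 21):
        for n, m, refused, copied, final, stale in trial(rng):
            print(i, n, m, refused, copied, final, stale)
```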






