Is python buffer overflow proof?

Neil Hodgson nyamatongwe+thunder at gmail.com
Tue Aug 4 15:32:55 CEST 2009


Thorsten Kampe:

> You cannot create "your own" buffer overflow in Python as you can in C 
> and C++ but your code could still be vulnerable if the underlying Python 
> construct is written in C.

   Python's standard library does now include unsafe constructs.

import ctypes
x = '1234'
# Munging byte 1 OK
ctypes.memset(x, 1, 1)
print(x)
# Next line writes beyond end of variable and crashes
ctypes.memset(x, 1, 20000)
print(x)

   Neil



More information about the Python-list mailing list