Message 217049 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	jcea
Recipients	jcea, jwilk, wodny
Date	2014-04-23.02:34:07
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1398220448.44.0.202251378366.issue21324@psf.upfronthosting.co.za>
In-reply-to

Content
Experimenting with this, looks like the content leak is inside Berkeley DB code. The leak is always on offset X*4096 bytes away when the database pagesize is 4096 bytes. Looks like this is an important hint, since Python itself knows nothing about database pagesize. For instance: >>> a=open("secrets.db").read() >>> a.find("secret") 21184 >>> a.find("secret",21185) 25280 >>> 25280-21184 4096 >>> a.find("secret",25281) 37568 >>> 37568-25280 12288 >>> 12288/4096.0 3.0

Experimenting with this, looks like the content leak is inside Berkeley DB code. The leak is always on offset X*4096 bytes away when the database pagesize is 4096 bytes. Looks like this is an important hint, since Python itself knows nothing about database pagesize.

For instance:

>>> a=open("secrets.db").read()
>>> a.find("secret")
21184
>>> a.find("secret",21185)
25280
>>> 25280-21184
4096
>>> a.find("secret",25281)
37568
>>> 37568-25280
12288
>>> 12288/4096.0
3.0

History
Date	User	Action	Args
2014-04-23 02:34:08	jcea	set	recipients: + jcea, jwilk, wodny
2014-04-23 02:34:08	jcea	set	messageid: <1398220448.44.0.202251378366.issue21324@psf.upfronthosting.co.za>
2014-04-23 02:34:08	jcea	link	issue21324 messages
2014-04-23 02:34:07	jcea	create