classification
Title: pass big values for arg to fcntl.ioctl
Type: behavior Stage: patch review
Components: Versions: Python 3.7, Python 3.6, Python 3.5, Python 2.7
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: cfi, mark.dickinson, serhiy.storchaka, twouters, ukl, vstinner
Priority: normal Keywords: patch

Created on 2017-06-14 14:27 by ukl, last changed 2017-06-20 07:54 by serhiy.storchaka.

Files
File name Uploaded Description Edit
unsigned-long-arg-for-ioctl.patch ukl, 2017-06-14 14:27
Pull Requests
URL Status Linked Edit
PR 2286 open serhiy.storchaka, 2017-06-20 07:50
Messages (4)
msg296008 - (view) Author: Uwe Kleine-König (ukl) * Date: 2017-06-14 14:27
When passing a big integer value to fcntl.ioctl this might result in

     OverflowError: signed integer is greater than maximum

. Traditionally ioctl(3) takes a pointer as third argument. The fcntl module however uses an int (format specifier 'i') which is too small to hold a pointer on 64 bit architectures.

The fix is to use 'k' (and an unsigned long) instead of 'i' (and an int). An unsigned long is suitable to hold a pointer value on AFAIK all platforms that matter today. (And it works on all platforms where int is already good enough, so the suggested change doesn't do any harm.)

A patch is attached.
msg296242 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-06-17 16:32
The FreeBSD [1], OpenBSD [2], and Solaris 10 [3] documentations specify the third argument of ioctl() as either an int or a pointer.

Passing a 64-bit long instead of a 32-bit int on big-endian platform can cause incorrect interpretation of an argument.

[1] https://www.freebsd.org/cgi/man.cgi?query=ioctl&sektion=2
[2] http://man.openbsd.org/ioctl.2
[3] https://docs.oracle.com/cd/E26505_01/html/816-5167/ioctl-2.html
msg296307 - (view) Author: Uwe Kleine-König (ukl) * Date: 2017-06-19 08:23
So the only option to fix this is to determine the type of arg from the request parameter? I failed to find the implementation of ioctl for linux in glibc, the best I found is one that only seems to be used on powerpc[1] which seems to assume that the third argument is a pointer. The Linux kernel prototype takes an unsigned long[2] and encodes the size of the data pointed to in the request using _IOC[3]. On hurd there are different macros to determine the type. I'm not fluent in *BSD and Solaris (and other operating systems), so I cannot add specifics for them. I cannot even say which OS that runs Python can run in 64 bit BE mode.

[1] https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/powerpc/ioctl.c;h=e2e3d3357f9f5ee9ffe5e9f0588ebae9976c0dfd;hb=HEAD
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/ioctl.c?h=v4.12-rc5#n691
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/asm-generic/ioctl.h
msg296405 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-06-20 07:54
PR 2286 uses for the third argument char* on Linux and int or unsigned int on other platforms. It keeps some degree of integer overflow control.
History
Date User Action Args
2017-06-20 07:54:33serhiy.storchakasetversions: + Python 2.7, Python 3.6, Python 3.7
nosy: + twouters, mark.dickinson

messages: + msg296405

stage: patch review
2017-06-20 07:50:47serhiy.storchakasetpull_requests: + pull_request2334
2017-06-19 08:23:58uklsetmessages: + msg296307
2017-06-17 16:32:21serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg296242
2017-06-17 15:54:20cfisetnosy: + cfi
2017-06-14 15:02:01vstinnersetnosy: + vstinner
2017-06-14 14:27:52uklcreate