classification
Title: Stack buffer overflow in parsing J1939 network address
Type: crash Stage: resolved
Components: Extension Modules Versions: Python 3.11, Python 3.10, Python 3.9
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: miss-islington, serhiy.storchaka
Priority: normal Keywords: patch

Created on 2021-09-17 06:56 by serhiy.storchaka, last changed 2021-09-17 11:51 by serhiy.storchaka. This issue is now closed.

Files
File name Uploaded Description Edit
J1939Test.log serhiy.storchaka, 2021-09-17 06:56
Pull Requests
URL Status Linked Edit
PR 28404 merged serhiy.storchaka, 2021-09-17 07:03
PR 28406 merged miss-islington, 2021-09-17 08:46
PR 28407 merged miss-islington, 2021-09-17 08:46
Messages (4)
msg402003 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2021-09-17 06:56
It can be reproduced when running test.test_socket.J1939Test (omitted in regrtests now, see issue45187) with Address Sanitizer. See for example https://github.com/python/cpython/pull/28317/checks?check_run_id=3625390397.

It can be reproduced when running test.test_socket.J1939Test with unittest:

$ ./python -m unittest -v test.test_socket -k J1939Test

See J1939Test.log for output.

The cause is using PyArg_ParseTuple() with format unit "k" (unsigned long) and a variable of type uint32_t. PyArg_ParseTuple() should only be used with native integer types (short, int, long, long long); it does not support types of fixed size (uint16_t, uint32_t, uint64_t).
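The size mismatch described in the message above, as an added example that is not part of the original report and is not CPython's code. It calls no Python API: store_k(), bytes_clobbered() and parse_u32_field() are hypothetical names, and store_k() only imitates a parser writing an unsigned long through the pointer it was given.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for what format unit "k" does with its output
   pointer: it stores a full unsigned long, whatever the variable is. */
static void store_k(void *dst, unsigned long value)
{
    memcpy(dst, &value, sizeof value);
}

/* Mismatched pattern. The first 4 bytes of the arena play the uint32_t
   variable, the 0xAA bytes after it play neighbouring stack data.
   Returns how many neighbouring bytes the store overwrote. */
static size_t bytes_clobbered(unsigned long value)
{
    unsigned char arena[sizeof(uint32_t) + 16];
    size_t i, n = 0;

    memset(arena, 0xAA, sizeof arena);
    store_k(arena, value);              /* as if &u32_var were passed */
    for (i = sizeof(uint32_t); i < sizeof arena; i++)
        n += (arena[i] != 0xAA);
    return n;
}

/* Matched pattern: receive into the native type the format unit writes,
   range-check, then narrow. Returns 0 on success, -1 if out of range. */
static int parse_u32_field(unsigned long parsed, uint32_t *out)
{
    unsigned long tmp;
    store_k(&tmp, parsed);              /* destination matches "k" */
    if (tmp > UINT32_MAX)
        return -1;
    *out = (uint32_t)tmp;
    return 0;
}

int main(void)
{
    uint32_t v = 0;
    /* 0x12345 is a constructed sample value (upper bytes are zero). */
    printf("sizeof(unsigned long)=%zu clobbered=%zu\n",
           sizeof(unsigned long), bytes_clobbered(0x12345UL));
    printf("in range: %d\n", parse_u32_field(0x12345UL, &v));
    return 0;
}
```

Where unsigned long is 8 bytes, the mismatched store overwrites 4 bytes past the 4-byte variable; where unsigned long is 4 bytes the sizes coincide and nothing is overwritten, so the defect does not show on every platform.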
msg402011 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2021-09-17 08:46
New changeset 773319545ba60577bc140aa46eac83b360240b7a by Serhiy Storchaka in branch 'main':
bpo-45228: Fix stack buffer overflow in parsing J1939 address (GH-28404)
https://github.com/python/cpython/commit/773319545ba60577bc140aa46eac83b360240b7a
msg402013 - (view) Author: miss-islington (miss-islington) Date: 2021-09-17 09:09
New changeset 62c74f34e7541cf5c9780661b260c53617291804 by Miss Islington (bot) in branch '3.10':
bpo-45228: Fix stack buffer overflow in parsing J1939 address (GH-28404)
https://github.com/python/cpython/commit/62c74f34e7541cf5c9780661b260c53617291804
msg402015 - (view) Author: miss-islington (miss-islington) Date: 2021-09-17 09:10
New changeset 98fef200bbfd8adec27799265deb200ab5e4513e by Miss Islington (bot) in branch '3.9':
bpo-45228: Fix stack buffer overflow in parsing J1939 address (GH-28404)
https://github.com/python/cpython/commit/98fef200bbfd8adec27799265deb200ab5e4513e
History
Date User Action Args
2021-09-17 11:51:16 serhiy.storchaka set status: open -> closed
    resolution: fixed
    stage: patch review -> resolved
2021-09-17 09:10:58 miss-islington set messages: + msg402015
2021-09-17 09:09:34 miss-islington set messages: + msg402013
2021-09-17 08:46:32 miss-islington set pull_requests: + pull_request26819
2021-09-17 08:46:29 miss-islington set nosy: + miss-islington
    pull_requests: + pull_request26818
2021-09-17 08:46:26 serhiy.storchaka set messages: + msg402011
2021-09-17 07:03:42 serhiy.storchaka set keywords: + patch
    stage: patch review
    pull_requests: + pull_request26816
2021-09-17 07:01:34 serhiy.storchaka set versions: + Python 3.9, Python 3.10
2021-09-17 06:57:18 serhiy.storchaka link issue45187 dependencies
2021-09-17 06:56:42 serhiy.storchaka create