This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: Ensure that PyCapsule_GetPointer calls in ctypes handle errors appropriately
Type: behavior Stage: resolved
Components: Interpreter Core Versions: Python 3.1, Python 3.2
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: benjamin.peterson, larry
Priority: normal Keywords:

Created on 2009-05-05 07:40 by larry, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Messages (4)
msg87215 - (view) Author: Larry Hastings (larry) * (Python committer) Date: 2009-05-05 07:40
If my patch in issue 53046 is accepted, I hereby agree to figure out if
the calls to PyCapsule_GetPointer() in Modules/_ctypes/callproc.c need
more error checking or what.
msg99898 - (view) Author: Larry Hastings (larry) * (Python committer) Date: 2010-02-23 04:20
I finally reviewed this, and I think it does need additional armor against attack.  I think a user could insert a different object into the thread local dict with the hard-coded name and get CPython to crash.

This patch fixes the vulnerability:

If this goes in, I'll add it to the backport for 2.7.
msg100074 - (view) Author: Larry Hastings (larry) * (Python committer) Date: 2010-02-24 22:51
Committed in r78435.
msg100075 - (view) Author: Larry Hastings (larry) * (Python committer) Date: 2010-02-24 23:00
Backported to release31-maint, checked in as r78436.  Thanks R. David Murray!
Date User Action Args
2022-04-11 14:56:48adminsetgithub: 50189
2010-02-24 23:00:09larrysetmessages: + msg100075
versions: + Python 3.1
2010-02-24 22:51:09larrysetstatus: open -> closed
versions: + Python 3.2, - Python 3.1
messages: + msg100074

resolution: fixed
stage: resolved
2010-02-23 04:20:46larrysetmessages: + msg99898
2009-05-05 07:40:47larrycreate