➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2009-05-05 07:40 by larry, last changed 2022-04-11 14:56 by admin. This issue is now closed.
| Messages (4) | |||
|---|---|---|---|
| msg87215 - (view) | Author: Larry Hastings (larry) *  |
Date: 2009-05-05 07:40 | |
If my patch in issue 53046 is accepted, I hereby agree to figure out if the calls to PyCapsule_GetPointer() in Modules/_ctypes/callproc.c need more error checking or what. |
|||
| msg99898 - (view) | Author: Larry Hastings (larry) * |
Date: 2010-02-23 04:20 | |
I finally reviewed this, and I think it does need additional armor against attack. I think a user could insert a different object into the thread local dict with the hard-coded name and get CPython to crash. This patch fixes the vulnerability: http://codereview.appspot.com/217092/show If this goes in, I'll add it to the backport for 2.7. |
|||
| msg100074 - (view) | Author: Larry Hastings (larry) * |
Date: 2010-02-24 22:51 | |
Committed in r78435. |
|||
| msg100075 - (view) | Author: Larry Hastings (larry) * |
Date: 2010-02-24 23:00 | |
Backported to release31-maint, checked in as r78436. Thanks R. David Murray! |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:56:48 | admin | set | github: 50189 |
| 2010-02-24 23:00:09 | larry | set | messages:
+ msg100075 versions: + Python 3.1 |
| 2010-02-24 22:51:09 | larry | set | status: open -> closed versions: + Python 3.2, - Python 3.1 messages: + msg100074 resolution: fixed stage: resolved |
| 2010-02-23 04:20:46 | larry | set | messages: + msg99898 |
| 2009-05-05 07:40:47 | larry | create | |