-
-
Notifications
You must be signed in to change notification settings - Fork 29.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
posix_lchown: possible overflow of uid, gid #51122
Comments
posix_lchown(PyObject *self, PyObject *args)
{
...
int uid, gid;
...
if (!PyArg_ParseTuple(args, "etii:lchown",
Py_FileSystemDefaultEncoding, &path,
&uid, &gid))
...
} uid and gid could cause over flow. A similar bug is bpo-5705. Patch attached. Any comment is appreciated! Boya |
posix modules contains a lot of function parsing uid_t / gid_t types. I would be Such callbacks will be useful for: posix_chown(), posix_fchown(), And maybe also in: posix_setgroups(). In Python trunk, posix_set*id() function do check for uid_t/gid_d overflow, but |
The patch is incorrect. Why do you think there is an overflow? There is In addition, the *actual* overflow in the current code (casting to uid_t) |
Martin, The reason why I think there is a possible overflow is that according to And you're right. The previous patch is incorrect. I now submitted --- I agree that all posix_*chown() functions should also be fixed for the |
I think the new patch is still incorrect. You now pass long variables into Can you try your patch on a system where all this is an actual problem? |
@loewis: I don't think that the explicit cast is required. posix_setuid() has no |
Martin, I am sorry that I do not have a system where this code actually --- Do you also agree that it will cause a problem if I pass a long to the i Boya |
Correct. So you should use the l argument parser. |
Martin, Corrected the patch accordingly. Can you verify whether the fix is Boya |
Yes, it looks correct now. I still wish it could be tested on a system |
I applied the same fix that was applied to chown in trunk r77007 for The existing code might still have issues if there are platforms where |
Gregory, I discovered this bug by static analysis, so I do not have a system Boya |
a test would still be a good thing but this should be fixed regardless. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: