Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ErrorHandler buffer overflow in ?unused? SGI extension module almodule.c #46843

Closed
jnferguson mannequin opened this issue Apr 8, 2008 · 2 comments
Closed

ErrorHandler buffer overflow in ?unused? SGI extension module almodule.c #46843

jnferguson mannequin opened this issue Apr 8, 2008 · 2 comments
Labels
extension-modules C modules in the Modules dir type-security A security issue

Comments

@jnferguson
Copy link
Mannequin

jnferguson mannequin commented Apr 8, 2008

BPO 2591
Nosy @gvanrossum

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2009-03-29.03:14:07.102>
created_at = <Date 2008-04-08.16:13:32.653>
labels = ['type-security', 'extension-modules']
title = 'ErrorHandler buffer overflow in ?unused? SGI extension module almodule.c'
updated_at = <Date 2009-03-29.03:14:07.082>
user = 'https://bugs.python.org/jnferguson'

bugs.python.org fields:

activity = <Date 2009-03-29.03:14:07.082>
actor = 'gvanrossum'
assignee = 'none'
closed = True
closed_date = <Date 2009-03-29.03:14:07.102>
closer = 'gvanrossum'
components = ['Extension Modules']
creation = <Date 2008-04-08.16:13:32.653>
creator = 'jnferguson'
dependencies = []
files = []
hgrepos = []
issue_num = 2591
keywords = []
message_count = 2.0
messages = ['65180', '84364']
nosy_count = 2.0
nosy_names = ['gvanrossum', 'jnferguson']
pr_nums = []
priority = 'normal'
resolution = 'wont fix'
stage = None
status = 'closed'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue2591'
versions = ['Python 2.5']
@jnferguson
Copy link
Mannequin Author

jnferguson mannequin commented Apr 8, 2008

I don't think any of these SGI modules even get used, but they're really
buggy-- you guys might want to consider just dropping them all together.

When printing errors larger than 128 bytes a stack based overflow occurs.

44 static void
45 ErrorHandler(long code, const char *fmt, ...)
46 {
47 va_list args;
48 char buf[128];
49
50 va_start(args, fmt);
51 vsprintf(buf, fmt, args);
52 va_end(args);
53 PyErr_SetString(ErrorObject, buf);
54 }

@jnferguson jnferguson mannequin added extension-modules C modules in the Modules dir type-security A security issue labels Apr 8, 2008
@gvanrossum
Copy link
Member

(Almost) nobody uses these any more, so let's close as won't fix. The
SGI modules are removed from 3.0. The few people who still have Irix
could probably care less about the buffer overflows, but they *might*
care about the modules (otherwise they wouldn't be on Irix :-).

@ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
extension-modules C modules in the Modules dir type-security A security issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gvanrossum