Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Buffer overrun in binascii #71786

Closed
serhiy-storchaka opened this issue Jul 23, 2016 · 3 comments
Closed

Buffer overrun in binascii #71786

serhiy-storchaka opened this issue Jul 23, 2016 · 3 comments
Labels
3.7 (EOL) end of life extension-modules C modules in the Modules dir type-bug An unexpected behavior, bug, or error

Comments

@serhiy-storchaka
Copy link
Member

BPO 27599
Nosy @vstinner, @serhiy-storchaka
PRs
  • [Do Not Merge] Convert Misc/NEWS so that it is managed by towncrier #552
    		•
    Files
  • binascii_qp_overrun.patch
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2016-09-14.13:40:09.228>
created_at = <Date 2016-07-23.16:31:32.841>
labels = ['extension-modules', 'type-bug', '3.7']
title = 'Buffer overrun in binascii'
updated_at = <Date 2017-03-31.16:36:11.573>
user = 'https://github.com/serhiy-storchaka'

    bugs.python.org fields:

    activity = <Date 2017-03-31.16:36:11.573>
actor = 'dstufft'
assignee = 'none'
closed = True
closed_date = <Date 2016-09-14.13:40:09.228>
closer = 'serhiy.storchaka'
components = ['Extension Modules']
creation = <Date 2016-07-23.16:31:32.841>
creator = 'serhiy.storchaka'
dependencies = []
files = ['44103']
hgrepos = []
issue_num = 27599
keywords = ['patch']
message_count = 3.0
messages = ['271092', '272685', '276446']
nosy_count = 3.0
nosy_names = ['vstinner', 'python-dev', 'serhiy.storchaka']
pr_nums = ['552']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue27599'
versions = ['Python 2.7', 'Python 3.5', 'Python 3.6', 'Python 3.7']
    @serhiy-storchaka
    Copy link
    Member Author

    There is reading one byte past the end of the input buffer in binascii.b2a_qp(). Following example shows the behavior difference depending on the value of this byte:

    >>> binascii.b2a_qp(memoryview(b'..')[:-1])
b'.'
>>> binascii.b2a_qp(bytes(memoryview(b'..')[:-1]))
b'=2E'

    In rare cases (memoryview of mmap object or custom buffer) this can cause a segfault.

    Maybe there are similar issues with other binascii functions (not checked).

    @serhiy-storchaka serhiy-storchaka added extension-modules C modules in the Modules dir type-bug An unexpected behavior, bug, or error labels Jul 23, 2016
    @serhiy-storchaka
    Copy link
    Member Author

    Here is a patch that fixes buffer overrun in binascii.b2a_qp() and binascii.a2b_qp() and adds additional tests.

    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Sep 14, 2016

    New changeset 423ad3b14ee1 by Serhiy Storchaka in branch '3.5':
    Issue bpo-27599: Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp().
    https://hg.python.org/cpython/rev/423ad3b14ee1

    New changeset fbc579ec36ab by Serhiy Storchaka in branch '2.7':
    Issue bpo-27599: Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp().
    https://hg.python.org/cpython/rev/fbc579ec36ab

    New changeset d53e1a5576e6 by Serhiy Storchaka in branch '3.6':
    Issue bpo-27599: Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp().
    https://hg.python.org/cpython/rev/d53e1a5576e6

    New changeset 56294e03ad89 by Serhiy Storchaka in branch 'default':
    Issue bpo-27599: Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp().
    https://hg.python.org/cpython/rev/56294e03ad89

    @serhiy-storchaka serhiy-storchaka added the 3.7 (EOL) end of life label Sep 14, 2016
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    3.7 (EOL) end of life extension-modules C modules in the Modules dir type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    1 participant
    @serhiy-storchaka