New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pickle crashes unpickling invalid NEWOBJ_EX opcode #85460
Comments
The following code generates a segfault on the Pickle module [it's a crafted datetime object] (Python 3.10.0a0 (heads/master:b40e434, Jul 4 2020), Python 3.6.11 and Python 3.7.2): import io
import pickle
hex_string = "8004952A000000000000008C086461746574696D65948C086461746574696D65949388430A07B2010100000000000092059452942E"
myb = bytes.fromhex(hex_string)
f = io.BytesIO(myb)
print(f)
data = pickle.load(f)
print(data)
print('We have segfault but we cannot see!') |
datetime_new assumes that args is a tuple. load_newobj_ex() doesn't check that args is a tuple and kwargs is a dictionary. The demo exploit passes #0 datetime_new (type=0x7fffea5d2740 <PyDateTime_DateTimeType>, args=True, kw=b'\x07\xb2\x01\x01\x00\x00\x00\x00\x00\x00') at /usr/src/debug/python3-3.8.3-2.fc32.x86_64/Modules/_datetimemodule.c:4737 |
Ned, would you like to get this fix backported to 3.6 and 3.7? |
Sounds like a good idea. |
Is this fix causing the refleak build to fail on 3.8? See: https://buildbot.python.org/all/#/builders/484/builds/149 |
This fix touched the unpickling code, and the test crashed during pickling, so it is not directly related. But it may be some compiler glitch, when changing one part of code affects compilation of other parts of code. The next run on the buildbot was passed, and there were failures in the past (but logs were not saved), so it may be just unstable test. |
@serhiy.storchaka Hi Serhiy, do you count this issue as a security issue? Also, I didn't see that in the latest changelog. Is it now patched on the latest version? https://docs.python.org/release/3.8.5/whatsnew/changelog.html |
I do not think it is a security issue. The crash cannot be triggered by the user input unless you accept the pickle data from untrusted sources, but in that case you are in large danger, because you allow executing arbitrary code. The changes in this issue just help to debug in some cases when you play with pickle format. In any case thank you for your report. |
Thank you for patching that. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: