Message329369
Hi Josh thanks for answering me and so quick.
So if I understood correctly, by inserting an unexpected and unchecked on value, it could lead to a potential vulnerability in the program? Or just a plain failure (which could be a denial of service also)?
Thanks again.
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, November 6, 2018 5:07 PM, Josh Rosenberg <report@bugs.python.org> wrote:
> Josh Rosenberg shadowranger+python@gmail.com added the comment:
>
> The TypeError on Py3 would be because functions taking c_char_p need bytes-like objects, not str, on Python 3. '%s' % directory is pointless when directory is a str; instead you need to encode it to a bytes-like object, e.g. opendir(os.fsencode(directory)) (os.fsencode is Python 3 specific; plain str works fine on Py 2).
>
> Your segfault isn't occurring when you load dirfd, it occurs when you call it on the result of opendir, when opendir returned NULL on failure (due to the non-existent directory you call it with). You didn't check the return value, and end up doing flagrantly illegal things with it.
>
> In neither case is this a bug in Python; ctypes lets you do evil things that break the rules, and if you break the rules the wrong way, segfaults are to be expected. Fix your argument types (for Py3), check your return values (for Py2).
>
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> nosy: +josh.r
> resolution: -> not a bug
> stage: -> resolved
> status: open -> closed
>
> Python tracker report@bugs.python.org
> https://bugs.python.org/issue35180 |
|
Date |
User |
Action |
Args |
2018-11-06 17:16:31 | execve | set | recipients:
+ execve, josh.r |
2018-11-06 17:16:31 | execve | link | issue35180 messages |
2018-11-06 17:16:31 | execve | create | |
|