Message 329369 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	execve
Recipients	execve, josh.r
Date	2018-11-06.17:16:31
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<RnjB3o-Vi1sCEEhbktZEkg1iFkVcbiFs2qaT3zrSEf7QQbxW4Qzo5aHwKpqGmvhV1dALMYi3pHh729CocXSkXd5QfuPevMbB8fVDtv4T_xc=@protonmail.com>
In-reply-to	<1541524069.14.0.788709270274.issue35180@psf.upfronthosting.co.za>

Content
Hi Josh thanks for answering me and so quick. So if I understood correctly, by inserting an unexpected and unchecked on value, it could lead to a potential vulnerability in the program? Or just a plain failure (which could be a denial of service also)? Thanks again. Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, November 6, 2018 5:07 PM, Josh Rosenberg <report@bugs.python.org> wrote: > Josh Rosenberg shadowranger+python@gmail.com added the comment: > > The TypeError on Py3 would be because functions taking c_char_p need bytes-like objects, not str, on Python 3. '%s' % directory is pointless when directory is a str; instead you need to encode it to a bytes-like object, e.g. opendir(os.fsencode(directory)) (os.fsencode is Python 3 specific; plain str works fine on Py 2). > > Your segfault isn't occurring when you load dirfd, it occurs when you call it on the result of opendir, when opendir returned NULL on failure (due to the non-existent directory you call it with). You didn't check the return value, and end up doing flagrantly illegal things with it. > > In neither case is this a bug in Python; ctypes lets you do evil things that break the rules, and if you break the rules the wrong way, segfaults are to be expected. Fix your argument types (for Py3), check your return values (for Py2). > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > nosy: +josh.r > resolution: -> not a bug > stage: -> resolved > status: open -> closed > > Python tracker report@bugs.python.org > https://bugs.python.org/issue35180

Hi Josh thanks for answering me and so quick.
So if I understood correctly, by inserting an unexpected and unchecked on value, it could lead to a potential vulnerability in the program? Or just a plain failure (which could be a denial of service also)?

Thanks again.

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, November 6, 2018 5:07 PM, Josh Rosenberg <report@bugs.python.org> wrote:

> Josh Rosenberg shadowranger+python@gmail.com added the comment:
>
> The TypeError on Py3 would be because functions taking c_char_p need bytes-like objects, not str, on Python 3. '%s' % directory is pointless when directory is a str; instead you need to encode it to a bytes-like object, e.g. opendir(os.fsencode(directory)) (os.fsencode is Python 3 specific; plain str works fine on Py 2).
>
> Your segfault isn't occurring when you load dirfd, it occurs when you call it on the result of opendir, when opendir returned NULL on failure (due to the non-existent directory you call it with). You didn't check the return value, and end up doing flagrantly illegal things with it.
>
> In neither case is this a bug in Python; ctypes lets you do evil things that break the rules, and if you break the rules the wrong way, segfaults are to be expected. Fix your argument types (for Py3), check your return values (for Py2).
>
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> nosy: +josh.r
> resolution: -> not a bug
> stage: -> resolved
> status: open -> closed
>
> Python tracker report@bugs.python.org
> https://bugs.python.org/issue35180

History
Date	User	Action	Args
2018-11-06 17:16:31	execve	set	recipients: + execve, josh.r
2018-11-06 17:16:31	execve	link	issue35180 messages
2018-11-06 17:16:31	execve	create