Message340421
> In Modules/socketmodule.c, the Bluetooth address supplied is vulnerable to integer overflow.
Attached PR 12864 modifies the following code:
unsigned int b0, b1, b2, b3, b4, b5;
char ch;
int n;
n = sscanf(name, "%X:%X:%X:%X:%X:%X%c", &b5, &b4, &b3, &b2, &b1, &b0, &ch);
Can someone please elaborate how this code can trigger an integer overflow? What is the consequence of an integer overflow? Does Python crash?

Date | User | Action | Args
2019-04-17 17:00:09 | vstinner | set | recipients: + vstinner, pitrou, Arfrever, neologix, maker, cheryl.sabella
2019-04-17 17:00:09 | vstinner | set | messageid: <1555520409.92.0.230450355101.issue18564@roundup.psfhosted.org>
2019-04-17 17:00:09 | vstinner | link | issue18564 messages
2019-04-17 17:00:09 | vstinner | create |
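
An added example, not part of the message above and not code from CPython or PR 12864: the C standard leaves the behaviour of a `scanf`-family conversion undefined when the converted value cannot be represented in the target object, so a field such as `FFFFFFFFFF` passed to `%X` with an `unsigned int` has no guaranteed result. The sketch below parses the same `XX:XX:XX:XX:XX:XX` form by hand, accepting at most two hex digits per field so no value can exceed 0xFF. The names `hexval` and `parse_bdaddr` are hypothetical, and the parser is stricter than `%X` (no whitespace, sign or `0x` prefix).

```c
#include <stdio.h>

/* Hypothetical helper (not CPython's code): value of one hex digit, or -1. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper: parse "XX:XX:XX:XX:XX:XX" into six octets, stored in
 * the same reversed order as the sscanf call quoted above (first textual
 * field goes to out[5]). Returns 0 on success, -1 on malformed input. */
int parse_bdaddr(const char *name, unsigned char out[6])
{
    const char *p = name;
    for (int field = 5; field >= 0; field--) {
        unsigned int value = 0;
        int digits = 0, v;
        /* At most two hex digits are consumed, so value stays <= 0xFF. */
        while (digits < 2 && (v = hexval(*p)) >= 0) {
            value = value * 16 + (unsigned int)v;
            digits++;
            p++;
        }
        if (digits == 0)
            return -1;                      /* empty field */
        /* Expect ':' between fields and NUL after the last one; a third
         * hex digit (e.g. "100") or trailing garbage fails here. */
        if (*p != (field ? ':' : '\0'))
            return -1;
        if (field)
            p++;
        out[field] = (unsigned char)value;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "00:1A:7D:DA:71:13", "1:2:3:4:5:6",
                              "FFFFFFFFFF:0:0:0:0:0", "00:1A:7D:DA:71:13x" };
    unsigned char b[6];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-22s -> %s\n", samples[i], parse_bdaddr(samples[i], b) ? "rejected" : "ok");
    return 0;
}
```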