Message 42082 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	nnorwitz
Recipients
Date	2002-12-31.00:11:51
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to

Content
Logged In: YES user_id=33168 ISTM that in socket_inet_ntop() you need to verify the size of the packed value passed in. If the user passes an empty string, inet_ntop() could read beyond the buffer passed in, potentially causing a core dump. The checks could be something like this: if (af == AF_INET && len != sizeof(struct in_addr)) else if (af == AF_INET6 && len != sizeof(struct in6_addr)) Do this make sense?

Logged In: YES 
user_id=33168

ISTM that in socket_inet_ntop() you need to verify the size
of the packed value passed in.  If the user passes an empty
string, inet_ntop() could read beyond the buffer passed in,
potentially causing a core dump.

The checks could be something like this:

  if (af == AF_INET && len != sizeof(struct in_addr))
  else if (af == AF_INET6 && len != sizeof(struct in6_addr))

Do this make sense?

History
Date	User	Action	Args
2007-08-23 15:19:11	admin	link	issue658327 messages
2007-08-23 15:19:11	admin	create