[Patches] [ python-Patches-703471 ] (Security Problem) base64.decodestring exposes garbage value
SourceForge.net
noreply@sourceforge.net
Fri, 14 Mar 2003 07:19:21 -0800
Patches item #703471, was opened at 2003-03-14 03:18
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=703471&group_id=5470
Category: Library (Lib)
Group: Python 2.3
Status: Open
Resolution: None
>Priority: 8
Submitted By: Hye-Shik Chang (perky)
Assigned to: Nobody/Anonymous (nobody)
Summary: (Security Problem) base64.decodestring exposes garbage value
Initial Comment:
>>> import base64
>>> base64.decodestring("###################")
'\x0cD\x1a\x08\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
>>> base64.decodestring(".....")
'ps2\x00\x00t'
>>> base64.decodestring("........................")
'\x0cF\x1a\x08\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
>>> base64.decodestring(".................................................")
'.............................."\x00\x00\x00\x00\x00\x00\x00\x00'
This exposes unexpected values that were deallocated recently.
(A CGI script of mine showed garbage that contained a
database password in an offensive query.)
----------------------------------------------------------------------
>Comment By: Tim Peters (tim_one)
Date: 2003-03-14 10:19
Message:
Yikes! Boosted priority way up. A quick check shows that
my Python 2.2.2 also appears to "decode" free'd RAM here
on Windows.
----------------------------------------------------------------------
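A regression check for the behaviour reported above, added here as an example (not code from the tracker item or from CPython): a lenient decode must never return more bytes than the input's valid base64 characters can encode, and a strict decode should reject the report's inputs outright. It assumes Python 3, where `base64.decodestring` no longer exists, and all function names are hypothetical.

```python
import base64
import binascii
import string

# The 64 characters that carry data; '=' is padding and carries none.
B64_ALPHABET = frozenset((string.ascii_letters + string.digits + "+/").encode())

# Inputs copied from the report, plus one constructed valid sample.
REPORTED_INPUTS = [
    b"###################",
    b".....",
    b"........................",
    b".................................................",
]
VALID_SAMPLE = b"aGVsbG8="  # constructed: encodes b"hello"


def max_decoded_len(data: bytes) -> int:
    """Upper bound on output size: each alphabet character carries 6 bits."""
    valid = sum(1 for byte in data if byte in B64_ALPHABET)
    return valid * 6 // 8


def lenient_decode_checked(data: bytes) -> bytes:
    """Decode as binascii does (junk skipped), then enforce the size bound."""
    out = binascii.a2b_base64(data)
    if len(out) > max_decoded_len(data):
        raise RuntimeError("decoder returned bytes the input cannot account for")
    return out


def strict_decode(data: bytes) -> bytes:
    """Reject anything outside the alphabet instead of skipping it."""
    return base64.b64decode(data, validate=True)  # raises binascii.Error


def audit(samples):
    """Return (input, lenient output, accepted by strict decode) per sample."""
    rows = []
    for data in samples:
        try:
            strict_decode(data)
            strict_ok = True
        except binascii.Error:
            strict_ok = False
        rows.append((data, lenient_decode_checked(data), strict_ok))
    return rows
```

On an interpreter without the defect, every reported input decodes to an empty byte string under the lenient path and is refused by the strict path.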