[issue24933] socket.recv(size, MSG_TRUNC) returns more than size bytes
Christian Heimes
report at bugs.python.org
Mon Sep 26 10:59:57 EDT 2016
Christian Heimes added the comment:
MSG_TRUNC literally causes a buffer overflow. In the example sock_recv() and friends only allocate a buffer of size 1 on the heap. With MSG_TRUNC recv() ignores the maximum size and writes beyond the buffer. We cannot recover from a buffer overflow because the overflow might have damanged other data structures. Instead Python should detect the problem and forcefully abort() the process with Py_FatalError().
----------
priority: normal -> critical
versions: +Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24933>
_______________________________________
More information about the Python-bugs-list
mailing list