[Python-Dev] PyErr_Format security note
Christian Tismer
tismer@appliedbiometrics.com
Mon, 15 Nov 1999 20:41:14 +0100
Guido van Rossum wrote:
>
> > All but one (checked them all):
[ceval.c without limits]
> I would think that an extension module with a name of nearly 500
> characters would draw a lot of attention as being ridiculous. If
> there was a bug through which you could make tp_name point to such a
> long string, you could probably exploit that bug without having to use
> this particular PyErr_Format() statement.
Of course this case is very unlikely.
My primary intent was to create such a mess without
an extension, and ExtensionClass seemed to be a candidate since
it synthetizes a type name at runtime (!).
This would have been dangerous since EC is in the heart of Zope.
But, I could not get at this special case since EC always
stands the class/instance checks and so this case can never happen :(
The above lousy result was just to say *something* after no success.
> However, I agree it's better to be safe than sorry, so I've checked in
> a fix making it %.400s.
cheap, consistent, fine - thanks - chris
--
Christian Tismer :^) <mailto:tismer@appliedbiometrics.com>
Applied Biometrics GmbH : Have a break! Take a ride on Python's
Kaiserin-Augusta-Allee 101 : *Starship* http://starship.python.net
10553 Berlin : PGP key -> http://wwwkeys.pgp.net
PGP Fingerprint E182 71C7 1A9D 66E9 9D15 D3CC D4D7 93E2 1FAE F6DF
we're tired of banana software - shipped green, ripens at home