buffer overflow
Tim H
tim at frontier.net.nospam
Fri Jan 17 12:57:03 EST 2003
"Tim Peters" <tim.one at comcast.net> wrote in message
news:mailman.1042778911.1136.python-list at python.org...
> [donoli]
> > I have two machines, FreeBSD 4,2 and W2K pro. I'd like to test the
> > security on both of them against a buffer overflow. If someone has
> > the code in python for a buffer overflow, please post it.
> > donoli.
>
> [Martin v. Loewis]
> > Python does not support buffer overflows, sorry.
>
> [pmaney at pobox.com]
> > I'm sure they could be added by a C extension module.
>
> They already were, and, curiously enough, by the builtin bufferobject.c.
> That supplies the builtin, little understood, and easily abused buffer
> object. For fun, run this:
>
> """
> from array import array
> from random import randrange
>
> i = 0
> while 1:
> i += 1
> print i,
> a = array('c', 'x' * randrange(10000))
> b = buffer(a)
> a.extend(array('c', 'y' * randrange(10000)))
> c = list(b)
> """
>
> Chances are high it will die with a segfault before going around the loop
20
> times, because the buffer object created by buffer() can be left pointing
at
> freed memory by the array object guts getting reallocated, and then
list(b)
> ends up reading God-only-knows-what from the stale buffer object. Some of
> the smarest people I know have refused to fix this <wink>.
>
>
Hmmm, a Win2k box got to 14, while Linux got to where I got bored and
CTRL-C'ed it. Does this mean Linux can count higher than Windows?
Tim (not that one)
More information about the Python-list
mailing list