buffer overflow
Thomas Heller
theller at python.net
Fri Jan 17 13:22:58 EST 2003
"Tim H" <tim at frontier.net.nospam> writes:
> "Tim Peters" <tim.one at comcast.net> wrote in message
> news:mailman.1042778911.1136.python-list at python.org...
> > [donoli]
> > > I have two machines, FreeBSD 4,2 and W2K pro. I'd like to test the
> > > security on both of them against a buffer overflow. If someone has
> > > the code in python for a buffer overflow, please post it.
> > > donoli.
> >
> > [Martin v. Loewis]
> > > Python does not support buffer overflows, sorry.
> >
> > [pmaney at pobox.com]
> > > I'm sure they could be added by a C extension module.
> >
> > They already were, and, curiously enough, by the builtin bufferobject.c.
> > That supplies the builtin, little understood, and easily abused buffer
> > object. For fun, run this:
> >
> > """
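> > # Python 2 only: buffer() does not exist in Python 3
> > from array import array
> > from random import randrange
> >
> > i = 0
> > while 1:
> >     i += 1
> >     print i,
> >     a = array('c', 'x' * randrange(10000))
> >     b = buffer(a)
> >     # extend() may reallocate a's storage, leaving b pointing at freed memory
> >     a.extend(array('c', 'y' * randrange(10000)))
> >     c = list(b)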
> > """
> >
> > Chances are high it will die with a segfault before going around the loop 20
> > times, because the buffer object created by buffer() can be left pointing at
> > freed memory by the array object guts getting reallocated, and then list(b)
> > ends up reading God-only-knows-what from the stale buffer object. Some of
> > the smartest people I know have refused to fix this <wink>.
> >
> >
>
> Hmmm, a Win2k box got to 14, while Linux got to where I got bored and
> CTRL-C'ed it. Does this mean Linux can count higher than Windows?
>
No, it means that these kinds of bugs are easier to find on Windows
than on Linux ;-)
Thomas
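
For comparison, an added example that is not part of the original thread: it assumes Python 3, where buffer() was replaced by memoryview, and shows that the same resize-while-viewed sequence is refused with BufferError, so the view can never be left pointing at freed storage. The function name grow_with_live_view and the sample data are constructed for illustration.

```python
from array import array


def grow_with_live_view(container):
    """Repeat the sequence from the thread (take a view, then extend the
    container) and report what happens.

    Returns (blocked, snapshot, final_len):
      blocked   -- True if extending while the view was live raised BufferError
      snapshot  -- first 4 bytes read through the view after the attempt
      final_len -- container length after releasing the view and extending
    """
    view = memoryview(container)          # Python 3 counterpart of buffer()
    try:
        container.extend(b"y" * 10000)    # would force the storage to move
        blocked = False
    except BufferError:
        blocked = True                    # live export: resize is refused
    # The storage was not reallocated, so reading through the view is safe.
    snapshot = bytes(view[:4])
    view.release()                        # drop the export explicitly
    container.extend(b"y" * 10000)        # with no exports, the resize succeeds
    return blocked, snapshot, len(container)


if __name__ == "__main__":
    # Constructed sample inputs: 100 bytes of 'x' in each container type.
    for sample in (array("B", b"x" * 100), bytearray(b"x" * 100)):
        print(type(sample).__name__, grow_with_live_view(sample))
```
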