Is python buffer overflow proof?
Neil Hodgson
nyamatongwe+thunder at gmail.com
Tue Aug 4 09:32:55 EDT 2009
Thorsten Kampe:
> You cannot create "your own" buffer overflow in Python as you can in C
> and C++ but your code could still be vulnerable if the underlying Python
> construct is written in C.
Python's standard library does now include unsafe constructs.
import ctypes
x = '1234'
# Munging byte 1 OK
ctypes.memset(x, 1, 1)
print(x)
# Next line writes beyond end of variable and crashes
ctypes.memset(x, 1, 20000)
print(x)
Neil
More information about the Python-list
mailing list