[New-bugs-announce] [issue30065] Insufficient validation in _posixsubprocess.fork_exec()
Serhiy Storchaka
report at bugs.python.org
Thu Apr 13 06:14:01 EDT 2017
New submission from Serhiy Storchaka:
_posixsubprocess.fork_exec() takes a sequence of file descriptors. It first validates it and, once the validation has passed, uses it without checking for errors. But since __len__, __getitem__ and __int__ can execute user code and release the GIL, errors can occur after the validation. This can cause a crash.
The proposed patch fixes this in the simplest way: it restricts the type of the sequence to tuple and the types of its elements to int. Since _posixsubprocess is a private module, this shouldn't break third-party code.
Another issue with _posixsubprocess.fork_exec() is that it converts args to a tuple or a list and iterates over it without checking whether the size has changed.
----------
components: Extension Modules
messages: 291595
nosy: serhiy.storchaka
priority: normal
severity: normal
stage: patch review
status: open
title: Insufficient validation in _posixsubprocess.fork_exec()
type: crash
versions: Python 3.5, Python 3.6, Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue30065>
_______________________________________
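The validate-then-use hazard the report describes, modelled in pure Python as an added example (not code from the report or from CPython's _posixsubprocess). ShrinkingFds is a constructed adversarial sequence whose __getitem__ hook mutates the data after a first pass has checked it; naive_collect() re-reads by index and trusts the earlier check (the C analogue is an unchecked out-of-bounds read, here surfacing as IndexError), while hardened_collect() mirrors the proposed fix by accepting only a tuple of exact ints; snapshot_fds() is a hypothetical caller-side helper that runs all hooks once, up front.

```python
import operator

class ShrinkingFds:
    """Constructed adversarial sequence: __getitem__ runs user code and empties
    the backing list the second time index 0 is read, i.e. after a validation
    pass has already succeeded."""
    def __init__(self, fds):
        self._fds = list(fds)
        self._zero_reads = 0
    def __len__(self):
        return len(self._fds)
    def __getitem__(self, i):
        if i == 0:
            self._zero_reads += 1
            if self._zero_reads == 2:
                self._fds.clear()          # mutation between check and use
        return self._fds[i]                # IndexError once emptied

def naive_collect(fds):
    """Validate-then-use, as in the report: each index is checked once, then
    re-read later on the assumption that the check still holds. In C the
    second read would be an unchecked access past the end of the buffer."""
    n = len(fds)
    for i in range(n):                     # pass 1: validation
        fd = fds[i]
        if not isinstance(fd, int) or fd < 0:
            raise TypeError("fds must be non-negative ints")
    return [fds[i] for i in range(n)]      # pass 2: trusts pass 1

def hardened_collect(fds):
    """Mirror of the proposed fix: only a tuple of exact ints is accepted, so
    reading it runs no user code and nothing can change between check and use."""
    if type(fds) is not tuple:
        raise TypeError("fds must be a tuple")
    for fd in fds:
        if type(fd) is not int or fd < 0:
            raise TypeError("fds must be non-negative ints")
    return list(fds)

def snapshot_fds(fds):
    """Hypothetical caller-side helper: run every __len__/__getitem__/__index__
    hook exactly once, up front, and return an immutable tuple of exact ints."""
    return tuple(int(operator.index(fd)) for fd in fds)

def raises(fn, *args):
    """Return the exception type fn(*args) raises, or None if it succeeds."""
    try:
        fn(*args)
    except Exception as exc:
        return type(exc)
    return None
```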