This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Buffer overflow in socketmodule.c
Type: Stage:
Components: Library (Lib) Versions: Python 2.4
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: jhylton Nosy List: jhylton, misa
Priority: high Keywords:

Created on 2004-11-04 17:46 by misa, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Messages (2)
msg23009 - (view) Author: Mihai Ibanescu (misa) Date: 2004-11-04 17:46 
the memset used to initialize ip in socket_inet_ntop
will try to zero out one byte more than the ip array
itself:


static PyObject *
socket_inet_ntop(PyObject *self, PyObject *args)
{
        int af;
        char* packed;
        int len;
        const char* retval;
#ifdef ENABLE_IPV6
        char ip[MAX(INET_ADDRSTRLEN, INET6_ADDRSTRLEN)
+ 1];
#else
        char ip[INET_ADDRSTRLEN + 1];
#endif

        /* Guarantee NUL-termination for
PyString_FromString() below */
        memset((void *) &ip[0], '\0', sizeof(ip) + 1);


Fix is to use sizeof(ip) instead of sizeof(ip) + 1
msg23010 - (view) Author: Jeremy Hylton (jhylton) (Python triager) Date: 2004-11-07 14:25 
Logged In: YES 
user_id=31392

Fixed by rev 1.311 of socketmodule.c.
History
Date User Action Args
2022-04-11 14:56:07adminsetgithub: 41123
2004-11-04 17:46:13misacreate