➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2007-03-26 14:13 by spiv, last changed 2022-04-11 14:56 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| recvfrom_fix.diff | spiv, 2007-03-26 14:13 | Quick patch for recvfrom. | ||
| Messages (3) | |||
|---|---|---|---|
| msg31653 - (view) | Author: Andrew Bennetts (spiv) | Date: 2007-03-26 14:13 | |
Actually sock.recvfrom(x) crashes or causes memory corruption for all values in -sizeof(PyStringObject) <= x < 0, I think.
This script demonstrates the problem:
import socket, sys
s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s1.bind(('127.0.0.1', 9999))
s2 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s2.sendto('fdsjkldsfkj', ('127.0.0.1', 9999))
print s1.recvfrom(-24)
Try e.g. -1 instead of -24 as well.
I'm attaching a patch that fixes this bug, and adds a simple test for it too.
Other sock_recv* functions in socketmodule.c seem to already catch negative recvlen values and raise ValueError, but for some reason recvfrom missed out.
|
|||
| msg31654 - (view) | Author: Facundo Batista (facundobatista) *  |
Date: 2007-03-28 03:46 | |
Applied this to the trunk, let's see if we should backport it to 2.5.x before close this bug. |
|||
| msg31655 - (view) | Author: Neal Norwitz (nnorwitz) * |
Date: 2007-03-31 18:57 | |
Committed revision 54635. (2.5) 2.6 fix was in 54594. Also fixed some other copy and paste errors wrt method names when parsing arguments. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:56:23 | admin | set | github: 44773 |
| 2007-03-26 14:13:14 | spiv | create | |