Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

_testcapi.pymem_buffer_overflow() doesn't handle memory allocation failure #80617

Closed
wjq-security mannequin opened this issue Mar 26, 2019 · 6 comments
Closed

_testcapi.pymem_buffer_overflow() doesn't handle memory allocation failure #80617

wjq-security mannequin opened this issue Mar 26, 2019 · 6 comments
Labels
3.7 (EOL) end of life 3.8 (EOL) end of life tests Tests in the Lib/test dir

Comments

@wjq-security
Copy link
Mannequin

wjq-security mannequin commented Mar 26, 2019

BPO 36436
Nosy @vstinner, @serhiy-storchaka, @miss-islington, @tirkarthi
PRs
  • bpo-36436: Fix _testcapi.pymem_buffer_overflow() #12560
  • [3.7] bpo-36436: Fix _testcapi.pymem_buffer_overflow() (GH-12560) #12561
  • [3.7] bpo-36436: Fix _testcapi.pymem_buffer_overflow() (GH-12560) #12564
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
    closed_at = <Date 2019-03-26.18:35:36.822>
    created_at = <Date 2019-03-26.12:35:32.977>
    labels = ['3.8', '3.7', 'tests']
    title = "_testcapi.pymem_buffer_overflow() doesn't handle memory allocation failure"
    updated_at = <Date 2019-03-26.18:35:36.821>
    user = 'https://bugs.python.org/wjq-security'

    bugs.python.org fields:

    activity = <Date 2019-03-26.18:35:36.821>
    actor = 'vstinner'
    assignee = 'none'
    closed = True
    closed_date = <Date 2019-03-26.18:35:36.822>
    closer = 'vstinner'
    components = ['Tests']
    creation = <Date 2019-03-26.12:35:32.977>
    creator = 'wjq-security'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 36436
    keywords = ['patch']
    message_count = 6.0
    messages = ['338875', '338878', '338880', '338888', '338898', '338912']
    nosy_count = 5.0
    nosy_names = ['vstinner', 'serhiy.storchaka', 'miss-islington', 'xtreak', 'wjq-security']
    pr_nums = ['12560', '12561', '12564']
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = None
    url = 'https://bugs.python.org/issue36436'
    versions = ['Python 3.7', 'Python 3.8']

    @wjq-security
    Copy link
    Mannequin Author

    wjq-security mannequin commented Mar 26, 2019

    In Modules/_testcapimodule.c line 4186 and 4187.
    Allocated memory is used without null check.

    @wjq-security wjq-security mannequin added the type-security A security issue label Mar 26, 2019
    @tirkarthi
    Copy link
    Member

    _testcapimodule.c is mostly imported as _testcapi in tests. I am not sure this is a security issue.

    @vstinner
    Copy link
    Member

    _testcapimodule.c is mostly imported as _testcapi in tests. I am not sure this is a security issue.

    The function triggers a memory overflow on purpose. Handling memory allocation failure is the least of your problem if you call this function :-)

    The whole module is designed to testing purpose only. "_" prefix in "_testapi" means that it must not be used. It's not documented on purpose.

    Attached PR fix the bug.

    @vstinner vstinner added tests Tests in the Lib/test dir 3.7 (EOL) end of life 3.8 (EOL) end of life labels Mar 26, 2019
    @vstinner vstinner changed the title Potential null pointer de-reference vulnerability _testcapi.pymem_buffer_overflow() doesn't handle memory allocation failure Mar 26, 2019
    @vstinner vstinner removed the type-security A security issue label Mar 26, 2019
    @vstinner
    Copy link
    Member

    New changeset 414b1cd by Victor Stinner in branch 'master':
    bpo-36436: Fix _testcapi.pymem_buffer_overflow() (GH-12560)
    414b1cd

    @miss-islington
    Copy link
    Contributor

    New changeset 20fde53 by Miss Islington (bot) in branch '3.7':
    bpo-36436: Fix _testcapi.pymem_buffer_overflow() (GH-12560)
    20fde53

    @vstinner
    Copy link
    Member

    Thanks for your bug report. It is now fixed.

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    3.7 (EOL) end of life 3.8 (EOL) end of life tests Tests in the Lib/test dir
    Projects
    None yet
    Development

    No branches or pull requests

    3 participants