gh-98793: Fix typecheck in overlapped.c #98835

Merged
merged 6 commits into from
Oct 30, 2022

CharlieZhao95
Contributor

@CharlieZhao95 CharlieZhao95 commented Oct 29, 2022

Fixes typecheck in _overlapped.WSAConnect and _overlapped.Overlapped.WSASendTo.

@kumaraditya303 added labels on Oct 29, 2022: topic-asyncio; needs backport to 3.10 (only security fixes); type-crash (A hard crash of the interpreter, possibly with a core dump); needs backport to 3.11 (only security fixes)
CharlieZhao95 and others added 2 commits October 29, 2022 18:08
…PB4A.rst

Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
@kumaraditya303
Contributor

This can potentially crash the interpreter so can be considered a security issue. The RMs should decide cc @pablogsal @ambv.

@gvanrossum
Member

Usually a crash is only a vulnerability if it can be exploited by sending an app that is using the API untrusted data.

@ambv
Contributor

ambv commented Oct 29, 2022

Since it's complex to decide which crash can be triggered by user action, we usually treat crashers as potential vulnerabilities and patch them in security-only releases. We'd spend more time thinking about whether it's right to backport if the patch was overly complex or backwards incompatible. This isn't the case here so I'd backport to security-only releases, too.

Such crashers rarely get CVE numbers and we don't automatically trigger a security release for them. We just bundle the fix with the next release that is triggered by a CVE.

@ambv
Contributor

ambv commented Oct 29, 2022

The backports might be a bit involved due to Argument Clinic. I'll take care of those.

@miss-islington
Contributor

Thanks @CharlieZhao95 for the PR, and @gvanrossum for merging it 🌮🎉. I'm working now to backport this PR to: 3.7, 3.8, 3.9, 3.10, 3.11.
🐍🍒⛏🤖

@miss-islington
Contributor

Sorry, @CharlieZhao95 and @gvanrossum, I could not cleanly backport this to 3.11 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 3ac8c0ab6ee819a14b1c8e0992acbaf376a46058 3.11

@miss-islington
Contributor

Sorry @CharlieZhao95 and @gvanrossum, I had trouble checking out the 3.10 backport branch.
Please retry by removing and re-adding the "needs backport to 3.10" label.
Alternatively, you can backport using cherry_picker on the command line.
cherry_picker 3ac8c0ab6ee819a14b1c8e0992acbaf376a46058 3.10

@miss-islington
Contributor

Sorry, @CharlieZhao95 and @gvanrossum, I could not cleanly backport this to 3.9 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 3ac8c0ab6ee819a14b1c8e0992acbaf376a46058 3.9

@miss-islington
Contributor

Sorry @CharlieZhao95 and @gvanrossum, I had trouble checking out the 3.8 backport branch.
Please retry by removing and re-adding the "needs backport to 3.8" label.
Alternatively, you can backport using cherry_picker on the command line.
cherry_picker 3ac8c0ab6ee819a14b1c8e0992acbaf376a46058 3.8

@miss-islington
Contributor

Sorry, @CharlieZhao95 and @gvanrossum, I could not cleanly backport this to 3.7 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 3ac8c0ab6ee819a14b1c8e0992acbaf376a46058 3.7

@gvanrossum
Member

Okay @ambv go ahead with the backport!

@kumaraditya303 kumaraditya303 assigned ambv and unassigned gvanrossum Oct 30, 2022
CharlieZhao95 added a commit to CharlieZhao95/cpython that referenced this pull request Oct 31, 2022
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
(cherry picked from commit 3ac8c0a)
@CharlieZhao95
Contributor Author

It seems that for recent releases (3.11/3.10), backporting is not that complicated, and I will help with those backports as well :)

CharlieZhao95 added a commit to CharlieZhao95/cpython that referenced this pull request Oct 31, 2022
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
(cherry picked from commit 3ac8c0a)
@bedevere-bot

GH-98889 is a backport of this pull request to the 3.11 branch.

@bedevere-bot bedevere-bot removed the needs backport to 3.11 only security fixes label Oct 31, 2022
@bedevere-bot

GH-98890 is a backport of this pull request to the 3.10 branch.

@bedevere-bot bedevere-bot removed the needs backport to 3.10 only security fixes label Oct 31, 2022
gvanrossum pushed a commit that referenced this pull request Oct 31, 2022
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
(cherry picked from commit 3ac8c0a)
gvanrossum pushed a commit that referenced this pull request Oct 31, 2022
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
(cherry picked from commit 3ac8c0a)
Labels: needs backport to 3.8 (only security fixes); needs backport to 3.9 (only security fixes); topic-asyncio; type-crash (A hard crash of the interpreter, possibly with a core dump)