Bugs item #1688393, was opened at 2007-03-27 00:13
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1688393&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Andrew Bennetts (spiv)
Assigned to: Nobody/Anonymous (nobody)
Summary: sock.recvfrom(-24) crashes
Initial Comment:
Actually sock.recvfrom(x) crashes or causes memory corruption for all values in
-sizeof(PyStringObject) <= x < 0, I think.
This script demonstrates the problem:
import socket, sys
s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s1.bind(('127.0.0.1', 9999))
s2 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s2.sendto('fdsjkldsfkj', ('127.0.0.1', 9999))
print s1.recvfrom(-24)
Try e.g. -1 instead of -24 as well.
I'm attaching a patch that fixes this bug, and adds a simple test for it too.
Other sock_recv* functions in socketmodule.c seem to already catch negative
recvlen values and raise ValueError, but for some reason recvfrom missed out.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1688393&group_id=5470
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
