[issue35050] Off-by-one bug in AF_ALG

2018-12-10 Thread STINNER Victor
STINNER Victor added the comment: Thanks for the fix Christian! Note: Python 2 is not affected, it doesn't support AF_ALG. -- resolution: -> fixed stage: patch review -> resolved status: open -> closed

[issue35050] Off-by-one bug in AF_ALG

2018-12-10 Thread STINNER Victor
STINNER Victor added the comment: New changeset 1a7b62d5571b3742e706d247dfe6509f68f1409d by Victor Stinner in branch '3.7': bpo-35050: AF_ALG length check off-by-one error (GH-10058) (GH-11069) https://github.com/python/cpython/commit/1a7b62d5571b3742e706d247dfe6509f68f1409d --

[issue35050] Off-by-one bug in AF_ALG

2018-12-10 Thread STINNER Victor
STINNER Victor added the comment: New changeset bad41cefef6625807198a813d9dec2c08d59dc60 by Victor Stinner in branch '3.6': bpo-35050: AF_ALG length check off-by-one error (GH-10058) (GH-11070) https://github.com/python/cpython/commit/bad41cefef6625807198a813d9dec2c08d59dc60 --

[issue35050] Off-by-one bug in AF_ALG

2018-12-10 Thread STINNER Victor
Change by STINNER Victor: -- pull_requests: +10304

[issue35050] Off-by-one bug in AF_ALG

2018-12-10 Thread STINNER Victor
Change by STINNER Victor: -- pull_requests: +10303

[issue35050] Off-by-one bug in AF_ALG

2018-12-10 Thread STINNER Victor
STINNER Victor added the comment: New changeset 2eb6ad8578fa9d764c21a92acd8e054e3202ad19 by Victor Stinner (Christian Heimes) in branch 'master': bpo-35050: AF_ALG length check off-by-one error (GH-10058) https://github.com/python/cpython/commit/2eb6ad8578fa9d764c21a92acd8e054e3202ad19

[issue35050] Off-by-one bug in AF_ALG

2018-10-24 Thread Michael Airey
Michael Airey added the comment: The error checking code for salg_name and salg_type has an off-by-one bug. Must check that both strings are NUL terminated strings. -- nosy: +resmord

[issue35050] Off-by-one bug in AF_ALG

2018-10-23 Thread Christian Heimes
Christian Heimes added the comment:
> The Python code does not create buffer overflow, it's just that the Linux
> kernel will always reject names which are too long.
The Kernel doesn't have a direct length restriction. It just ensures that type and name are NULL terminated. Other code

[issue35050] Off-by-one bug in AF_ALG

2018-10-23 Thread Christian Heimes
Change by Christian Heimes: -- keywords: +patch pull_requests: +9395 stage: -> patch review

[issue35050] Off-by-one bug in AF_ALG

2018-10-23 Thread STINNER Victor
STINNER Victor added the comment: Christian and I created a bug report at the same time :-) My message: I found two interesting warnings on socketmodule.c in the Coverity report:
Error: BUFFER_SIZE_WARNING (CWE-120): [#def12]
Python-3.6.5/Modules/socketmodule.c:2069: buffer_size_warning:

[issue35050] Off-by-one bug in AF_ALG

2018-10-23 Thread Christian Heimes
New submission from Christian Heimes: The error checking code for salg_name and salg_type has an off-by-one bug. It should check that both strings are NUL terminated strings. It's not a security bug, because the Linux kernel ensures that the last byte is a NULL byte. -- components:
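
The length check described in the submission above, shown as an added example that is not CPython's code or part of the original thread. The names `alg_addr`, `len_ok_buggy`, `len_ok_fixed` and `store_type` are hypothetical; the field sizes 14 and 64 are those of Linux's `struct sockaddr_alg`.

```c
#include <stdio.h>
#include <string.h>

/* Constructed mirror of the two string fields of Linux's
 * struct sockaddr_alg (14 and 64 bytes), so this builds anywhere. */
struct alg_addr {
    unsigned char salg_type[14];
    unsigned char salg_name[64];
};

/* Off-by-one form: rejects only strings longer than the field, so a
 * string of exactly field_size bytes passes with no room for the NUL. */
static int len_ok_buggy(const char *s, size_t field_size)
{
    return strlen(s) <= field_size;
}

/* Corrected form: the string and its terminator must both fit. */
static int len_ok_fixed(const char *s, size_t field_size)
{
    return strlen(s) < field_size;
}

/* Store `type` in the fixed-size field using the chosen check.
 * Returns -1 if rejected, 1 if stored NUL-terminated, and 0 if stored
 * with no terminator inside the field (the state the bug permits). */
static int store_type(struct alg_addr *sa, const char *type, int use_fixed)
{
    size_t n = sizeof(sa->salg_type);
    int ok = use_fixed ? len_ok_fixed(type, n) : len_ok_buggy(type, n);

    if (!ok)
        return -1;
    memset(sa, 0, sizeof(*sa));
    memcpy(sa->salg_type, type, strlen(type));  /* at most n bytes here */
    return memchr(sa->salg_type, '\0', n) != NULL;
}

int main(void)
{
    struct alg_addr sa;
    const char *exact = "12345678901234";       /* constructed, 14 bytes */

    printf("buggy check: %d\n", store_type(&sa, exact, 0));
    printf("fixed check: %d\n", store_type(&sa, exact, 1));
    printf("short name : %d\n", store_type(&sa, "hash", 1));
    return 0;
}
```

The copy never writes past the field in either variant; the difference is only whether a string that exactly fills the field is accepted without a terminator.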