subject:"\[issue41168\] Lack of proper checking in PyObject

[issue41168] Lack of proper checking in PyObject_SetAttr leads to segmentation fault

2020-08-11 Thread Petr Viktorin



Petr Viktorin  added the comment:

Closing; please re-open if you have more info.

--
resolution:  -> not a bug
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41168] Lack of proper checking in PyObject_SetAttr leads to segmentation fault

2020-08-06 Thread Jeffrey Kintscher



Jeffrey Kintscher  added the comment:

Can you attach the Python source code for the PoC?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41168] Lack of proper checking in PyObject_SetAttr leads to segmentation fault

2020-08-06 Thread Jeffrey Kintscher



Change by Jeffrey Kintscher :


--
nosy: +Jeffrey.Kintscher

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41168] Lack of proper checking in PyObject_SetAttr leads to segmentation fault

2020-07-01 Thread Petr Viktorin



Petr Viktorin  added the comment:

What kind of security-related issues do you mean? A .pyc file is code; it can 
do anything. Never run untrusted code, be it .py or .pyc.

See also: Lib/test/crashers/bogus_code_obj.py

--
nosy: +petr.viktorin

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41168] Lack of proper checking in PyObject_SetAttr leads to segmentation fault

2020-06-30 Thread Iman Sharafodin



New submission from Iman Sharafodin :

I was testing the latest release of Python 3.6 (June 27, 2020) 
(https://www.python.org/ftp/python/3.6.11/Python-3.6.11.tgz) and I found that 
there is lack of enough checks on line number 956 in Objects/object.c file 
which can cause a segmentation fault. It could lead to security related issues. 
I've attached the PoC.pyc.


Program received signal SIGSEGV, Segmentation fault.
PyObject_SetAttr (v=v@entry=0x6d7373616c637463, name=0x77f75730, 
value=value@entry=0x0) at Objects/object.c:956
956 PyTypeObject *tp = Py_TYPE(v);

--
components: Interpreter Core
files: PoC.pyc
messages: 372683
nosy: Iman Sharafodin
priority: normal
severity: normal
status: open
title: Lack of proper checking in PyObject_SetAttr leads to segmentation fault
type: security
versions: Python 3.6
Added file: https://bugs.python.org/file49280/PoC.pyc

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41168] Lack of proper checking in PyObject_SetAttr leads to segmentation fault

[issue41168] Lack of proper checking in PyObject_SetAttr leads to segmentation fault

[issue41168] Lack of proper checking in PyObject_SetAttr leads to segmentation fault

[issue41168] Lack of proper checking in PyObject_SetAttr leads to segmentation fault

[issue41168] Lack of proper checking in PyObject_SetAttr leads to segmentation fault

5 matches

Site Navigation

Mail list logo

Footer information