* Neil Hodgson (Tue, 04 Aug 2009 13:32:55 GMT)
Thorsten Kampe:
You cannot create your own buffer overflow in Python as you can in C
and C++ but your code could still be vulnerable if the underlying Python
construct is written in C.
Python's standard library does now include unsafe
On Aug 3, 10:04 pm, sturlamolden sturlamol...@yahoo.no wrote:
On 2 Aug, 15:50, Jizzai jiz...@gmail.com wrote:
Is a _pure_ python program buffer overflow proof?
For example in C++ you can declare a char[9] to hold user input.
If the user inputs 10+ chars a buffer overflow occurs.
Short
On Aug 4, 6:06 am, John Nagle na...@animats.com wrote:
Gabriel Genellina wrote:
On Mon, 03 Aug 2009 18:04:53 -0300, sturlamolden sturlamol...@yahoo.no
wrote:
On 2 Aug, 15:50, Jizzai jiz...@gmail.com wrote:
Is a _pure_ python program buffer overflow proof?
For example in C++ you
On Mon, 03 Aug 2009 21:34:15 -0700, Paul Rubin wrote:
Steven D'Aprano ste...@remove.this.cybersource.com.au writes:
The Python interpreter is written in C. Python extension modules are
written in C (or something similar). If you find an unprotected
buffer in this C code, you can possibly
Steven D'Aprano ste...@remove.this.cybersource.com.au writes:
The point is that code you write yourself can rely on pure Python to be
free of buffer-overflows (for some definition of rely) rather than
having to worry about managing memory yourself.
Right. Basically the Python interpreter
On Tue, 04 Aug 2009 02:06:06 -0300, John Nagle na...@animats.com
wrote:
Gabriel Genellina wrote:
On Mon, 03 Aug 2009 18:04:53 -0300, sturlamolden
sturlamol...@yahoo.no wrote:
On 2 Aug, 15:50, Jizzai jiz...@gmail.com wrote:
Is a _pure_ python program buffer overflow proof?
For
John Nagle wrote:
A more useful question is whether the standard libraries are being
run through any of the commercial static checkers for possible buffer
overflows.
The CPython interpreter is constantly checked with
http://www.coverity.com/. Although Python is used for critical stuff at
* Jizzai (Sun, 02 Aug 2009 13:50:14 GMT)
Is a _pure_ python program buffer overflow proof?
You cannot create your own buffer overflow in Python as you can in C
and C++ but your code could still be vulnerable if the underlying Python
construct is written in C. See [1] for instance.
Thorsten
Marcus Wanner wrote:
On 8/3/2009 3:45 AM, Diez B. Roggisch wrote:
But you can cast the resulting pointer to an array of larger size, and
there you are.
Ah, that makes sense. I had forgotten about ctypes.cast().
You *can* shoot yourself in the foot with Python, you just have
to aim much
Thorsten Kampe:
You cannot create your own buffer overflow in Python as you can in C
and C++ but your code could still be vulnerable if the underlying Python
construct is written in C.
Python's standard library does now include unsafe constructs.
import ctypes
x = '1234'
# Munging byte
Marcus Wanner wrote:
On 8/2/2009 10:43 AM, Christian Heimes wrote:
Marcus Wanner wrote:
I believe that python is buffer overflow proof. In fact, I think that
even ctypes is overflow proof...
No, ctypes isn't buffer overflow proof. ctypes can break and crash a
Python interpreter easily.
On 8/3/2009 3:45 AM, Diez B. Roggisch wrote:
Marcus Wanner wrote:
On 8/2/2009 10:43 AM, Christian Heimes wrote:
Marcus Wanner wrote:
I believe that python is buffer overflow proof. In fact, I think
that even ctypes is overflow proof...
No, ctypes isn't buffer overflow proof. ctypes can
On 2 Aug, 15:50, Jizzai jiz...@gmail.com wrote:
Is a _pure_ python program buffer overflow proof?
For example in C++ you can declare a char[9] to hold user input.
If the user inputs 10+ chars a buffer overflow occurs.
Short answer: NO
Bounds checking on sequence types is a protection
On Mon, 03 Aug 2009 18:04:53 -0300, sturlamolden sturlamol...@yahoo.no
wrote:
On 2 Aug, 15:50, Jizzai jiz...@gmail.com wrote:
Is a _pure_ python program buffer overflow proof?
For example in C++ you can declare a char[9] to hold user input.
If the user inputs 10+ chars a buffer overflow
On Mon, 03 Aug 2009 14:04:53 -0700, sturlamolden wrote:
On 2 Aug, 15:50, Jizzai jiz...@gmail.com wrote:
Is a _pure_ python program buffer overflow proof?
For example in C++ you can declare a char[9] to hold user input. If the
user inputs 10+ chars a buffer overflow occurs.
Short answer:
Steven D'Aprano ste...@remove.this.cybersource.com.au writes:
The Python interpreter is written in C. Python extension modules are
written in C (or something similar). If you find an unprotected buffer
in this C code, you can possibly overflow this buffer.
How are C extension modules
Gabriel Genellina wrote:
On Mon, 03 Aug 2009 18:04:53 -0300, sturlamolden sturlamol...@yahoo.no
wrote:
On 2 Aug, 15:50, Jizzai jiz...@gmail.com wrote:
Is a _pure_ python program buffer overflow proof?
For example in C++ you can declare a char[9] to hold user input.
If the user inputs
Is a _pure_ python program buffer overflow proof?
For example in C++ you can declare a char[9] to hold user input.
If the user inputs 10+ chars a buffer overflow occurs.
In python, I cannot seem to find a way to define/restrict a string length.
This is probably by design and raises the topic in
On 8/2/2009 9:50 AM, Jizzai wrote:
Is a _pure_ python program buffer overflow proof?
For example in C++ you can declare a char[9] to hold user input.
If the user inputs 10+ chars a buffer overflow occurs.
In python, I cannot seem to find a way to define/restrict a string length.
This is
Marcus Wanner wrote:
I believe that python is buffer overflow proof. In fact, I think that
even ctypes is overflow proof...
No, ctypes isn't buffer overflow proof. ctypes can break and crash a
Python interpreter easily.
Christian
--
http://mail.python.org/mailman/listinfo/python-list
On Sun, 02 Aug 2009 13:50:14 +, Jizzai wrote:
Is a _pure_ python program buffer overflow proof?
It's supposed to be.
For example in C++ you can declare a char[9] to hold user input. If the
user inputs 10+ chars a buffer overflow occurs.
In python, I cannot seem to find a way to
On 8/2/2009 10:43 AM, Christian Heimes wrote:
Marcus Wanner wrote:
I believe that python is buffer overflow proof. In fact, I think that
even ctypes is overflow proof...
No, ctypes isn't buffer overflow proof. ctypes can break and crash a
Python interpreter easily.
Christian
I see. I
22 matches