Red Hat Bugzilla – Bug 138112
python overflows stack buffer
Last modified: 2013-03-01 00:14:49 EST
*** This bug has been split off bug 138110 ***
Description of problem:
char ip[MAX(INET_ADDRSTRLEN, INET6_ADDRSTRLEN) + 1];
char ip[INET_ADDRSTRLEN + 1];
/* Guarantee NUL-termination for PyString_FromString() below */
memset((void *) &ip, '\0', sizeof(ip) + 1);
which overwrites the ip buffer by 1 byte.
Reported upstream as bug 105470
Should be fixed in python 2.3.4-13 and newer.
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.
Closing per lack of response to previous request for information.
This bug was originally filed against a much earlier version of Fedora
Core, and significant changes have taken place since the last version
for which this bug is confirmed.
Note that FC3 and FC4 are supported by Fedora Legacy for security
fixes only. Please install a still supported version and retest. If
it still occurs on FC5 or FC6, please reopen and assign to the correct
version. Otherwise, if this a security issue, please change the
product to Fedora Legacy. Thanks, and we are sorry that we did not
get to this bug earlier.