STINNER Victor <vstin...@redhat.com> added the comment:
Christian and I created a bug report at the same time :-) My message:

I found two interesting warnings on socketmodule.c in the Coverity report:

Error: BUFFER_SIZE_WARNING (CWE-120): [#def12]
Python-3.6.5/Modules/socketmodule.c:2069: buffer_size_warning: Calling strncpy with a maximum size argument of 14 bytes on destination array "sa->salg_type" of size 14 bytes might leave the destination string unterminated.
# 2067|           return 0;
# 2068|       }
# 2069|->     strncpy((char *)sa->salg_type, type, sizeof(sa->salg_type));
# 2070|       if (strlen(name) > sizeof(sa->salg_name)) {
# 2071|           PyErr_SetString(PyExc_ValueError, "AF_ALG name too long.");

Error: BUFFER_SIZE_WARNING (CWE-120): [#def13]
Python-3.6.5/Modules/socketmodule.c:2074: buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array "sa->salg_name" of size 64 bytes might leave the destination string unterminated.
# 2072|           return 0;
# 2073|       }
# 2074|->     strncpy((char *)sa->salg_name, name, sizeof(sa->salg_name));
# 2075|
# 2076|       *len_ret = sizeof(*sa);

It seems like the Linux kernel always writes a terminating NUL byte for AF_ALG:
https://elixir.bootlin.com/linux/latest/source/crypto/af_alg.c#L171

The Python code does not create a buffer overflow, it's just that the Linux kernel will always reject names which are too long. Python should reject them as well.

----------
nosy: +vstinner

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue35050>
_______________________________________
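
The boundary case Coverity flags, as an added example that is not part of the original message and is not CPython's code: the `>` length check quoted in the report is shown beside a `>=` variant that reserves a byte for the NUL. The struct `alg_addr`, the function names and the `>=` check are assumptions made for illustration; only the field sizes and the `strncpy` call come from the report.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the address struct; sizes 14 and 64 are from the report. */
struct alg_addr {
    unsigned char salg_type[14];
    unsigned char salg_name[64];
};

/* Check as quoted in the report: a name of exactly 64 bytes is accepted. */
static int fill_name_loose(struct alg_addr *sa, const char *name)
{
    if (strlen(name) > sizeof(sa->salg_name))
        return 0;
    strncpy((char *)sa->salg_name, name, sizeof(sa->salg_name));
    return 1;
}

/* Assumed stricter check: a name must leave room for the terminating NUL. */
static int fill_name_strict(struct alg_addr *sa, const char *name)
{
    if (strlen(name) >= sizeof(sa->salg_name))
        return 0;
    strncpy((char *)sa->salg_name, name, sizeof(sa->salg_name));
    return 1;
}

/* Returns 1 if a NUL byte exists inside the 64-byte field. */
static int name_is_terminated(const struct alg_addr *sa)
{
    return memchr(sa->salg_name, '\0', sizeof(sa->salg_name)) != NULL;
}

int main(void)
{
    size_t lens[] = {63, 64, 65};      /* constructed test lengths */
    for (size_t i = 0; i < 3; i++) {
        struct alg_addr sa;
        char name[80];
        memset(name, 'a', lens[i]);
        name[lens[i]] = '\0';
        memset(&sa, 0xff, sizeof(sa)); /* non-zero fill makes a missing NUL visible */
        int loose = fill_name_loose(&sa, name);
        int term = loose ? name_is_terminated(&sa) : -1;
        int strict = fill_name_strict(&sa, name);
        printf("len=%zu loose=%d terminated=%d strict=%d\n",
               lens[i], loose, term, strict);
    }
    return 0;
}
```
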