[issue30065] Insufficient validation in _posixsubprocess.fork_exec()

2017-04-19 Thread Serhiy Storchaka

Changes by Serhiy Storchaka:


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue30065] Insufficient validation in _posixsubprocess.fork_exec()

2017-04-19 Thread Serhiy Storchaka

Serhiy Storchaka added the comment:


New changeset c97c1914f401359f2a7e6c8e0364e71ad9fb5bc8 by Serhiy Storchaka in 
branch '3.5':
[3.5] bpo-30065: Fixed arguments validation in _posixsubprocess.fork_exec(). 
(GH-1110) (#1190)
https://github.com/python/cpython/commit/c97c1914f401359f2a7e6c8e0364e71ad9fb5bc8





[issue30065] Insufficient validation in _posixsubprocess.fork_exec()

2017-04-19 Thread Serhiy Storchaka

Changes by Serhiy Storchaka:


--
pull_requests: +1318




[issue30065] Insufficient validation in _posixsubprocess.fork_exec()

2017-04-19 Thread Serhiy Storchaka

Serhiy Storchaka added the comment:


New changeset e2546172622dd52692cf0e26c2b931f942f345b6 by Serhiy Storchaka in 
branch '3.6':
[3.6] bpo-30065: Fixed arguments validation in _posixsubprocess.fork_exec(). 
(GH-1110) (#1186)
https://github.com/python/cpython/commit/e2546172622dd52692cf0e26c2b931f942f345b6





[issue30065] Insufficient validation in _posixsubprocess.fork_exec()

2017-04-19 Thread Serhiy Storchaka

Changes by Serhiy Storchaka:


--
pull_requests: +1315




[issue30065] Insufficient validation in _posixsubprocess.fork_exec()

2017-04-19 Thread Serhiy Storchaka

Serhiy Storchaka added the comment:


New changeset 66bffd1663489d080349debbf1b472d432351038 by Serhiy Storchaka in 
branch 'master':
bpo-30065: Fixed arguments validation in _posixsubprocess.fork_exec(). (#1110)
https://github.com/python/cpython/commit/66bffd1663489d080349debbf1b472d432351038





[issue30065] Insufficient validation in _posixsubprocess.fork_exec()

2017-04-16 Thread Serhiy Storchaka

Changes by Serhiy Storchaka:


--
assignee:  -> serhiy.storchaka




[issue30065] Insufficient validation in _posixsubprocess.fork_exec()

2017-04-13 Thread Serhiy Storchaka

Serhiy Storchaka added the comment:

It is hard to reproduce (especially the second issue) since in all cases in the 
stdlib a list passed to fork_exec() is just created by sorted() and doesn't 
have other references. But if someone is so insane as to pass int-like objects 
with a non-idempotent __int__ as file descriptors, he can get a crash in a debug 
build (or mystical bugs in a release build). The added tests utilize this, but 
it is unlikely to happen in real code.

I found this issue while analyzing usages of PyObject_Size(), 
PySequence_Size() and PyMapping_Size() in issue30061.




[issue30065] Insufficient validation in _posixsubprocess.fork_exec()

2017-04-13 Thread Gregory P. Smith

Gregory P. Smith added the comment:

Nice find. Did anyone's code actually run into this issue?

--
nosy: +gregory.p.smith




[issue30065] Insufficient validation in _posixsubprocess.fork_exec()

2017-04-13 Thread Serhiy Storchaka

Changes by Serhiy Storchaka:


--
pull_requests: +1251




[issue30065] Insufficient validation in _posixsubprocess.fork_exec()

2017-04-13 Thread Serhiy Storchaka

New submission from Serhiy Storchaka:

_posixsubprocess.fork_exec() takes a sequence of file descriptors. It first 
validates it and, once the validation has passed, uses it without checking for 
errors. But since __len__, __getitem__ and __int__ can execute user code and 
release the GIL, errors can occur after the validation. This can cause a crash.

The proposed patch fixes this in the simplest way -- it restricts the type of 
the sequence to tuple and the types of elements to int. Since _posixsubprocess 
is a private module, this shouldn't break third-party code.

Another issue with _posixsubprocess.fork_exec() was that it converts args to a 
tuple or a list and iterates over it without checking whether the size has 
changed.

--
components: Extension Modules
messages: 291595
nosy: serhiy.storchaka
priority: normal
severity: normal
stage: patch review
status: open
title: Insufficient validation in _posixsubprocess.fork_exec()
type: crash
versions: Python 3.5, Python 3.6, Python 3.7
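
The validate-then-use flaw described in the submission above, modeled in pure Python as an added example (not part of the original message and not CPython's C code). The names FlakyFd, validate_fds, use_fds_unsafe and use_fds_strict are hypothetical, and the non-negative check is an assumed validation policy for this model.

```python
class FlakyFd:
    """Int-like object with a non-idempotent __int__ (constructed for this demo)."""

    def __init__(self, first, later):
        self._values = [first, later]

    def __int__(self):
        # First conversion yields `first`; every later conversion yields `later`.
        if len(self._values) > 1:
            return self._values.pop(0)
        return self._values[0]


def validate_fds(fds):
    """Check pass: every element must convert to a non-negative int."""
    for item in fds:
        if int(item) < 0:  # user code in __int__ runs here
            raise ValueError("negative file descriptor")


def use_fds_unsafe(fds):
    """Validate, then convert each element a second time when using it."""
    validate_fds(fds)
    # Second conversion: the result may differ from the value that was checked.
    return [int(item) for item in fds]


def use_fds_strict(fds):
    """Model of the fix in the thread: accept only a tuple whose elements are ints.

    Exact-type checks are used in this model so that no user-defined
    __len__, __getitem__ or __int__ can run between the check and the use.
    """
    if type(fds) is not tuple or any(type(x) is not int for x in fds):
        raise TypeError("expected a tuple of ints")
    validate_fds(fds)
    return list(fds)


if __name__ == "__main__":
    # Passes validation as 3, but is used as -1.
    print(use_fds_unsafe([FlakyFd(3, -1)]))
    print(use_fds_strict((3, 5)))
```

In the model the unchecked value is only a wrong list element; in the C function the thread discusses, the same pattern is what the submission reports as a crash.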
