On Aug 4, 6:06 am, John Nagle wrote:
> Gabriel Genellina wrote:
> > On Mon, 03 Aug 2009 18:04:53 -0300, sturlamolden
> > wrote:
>
> >> On 2 Aug, 15:50, Jizzai wrote:
>
> >>> Is a _pure_ python program buffer overflow proof?
>
> >>> For example in C++ you can declare a char[9] to hold user inp
On Aug 3, 10:04 pm, sturlamolden wrote:
> On 2 Aug, 15:50, Jizzai wrote:
>
> > Is a _pure_ python program buffer overflow proof?
>
> > For example in C++ you can declare a char[9] to hold user input.
> > If the user inputs 10+ chars a buffer overflow occurs.
>
> Short answer: NO
>
> Bounds checki
* Neil Hodgson (Tue, 04 Aug 2009 13:32:55 GMT)
> Thorsten Kampe:
> > You cannot create "your own" buffer overflow in Python as you can in C
> > and C++ but your code could still be vulnerable if the underlying Python
> > construct is written in C.
>
>Python's standard library does now inclu
On Aug 4, 2:27 pm, Tim Chase wrote:
> You *can* shoot yourself in the foot with Python, you just have
> to aim much more carefully than you do with C/C++.
You can e.g. define a class with a __del__ method and make some
circular references. That should give you a nice memory leak.
Thorsten Kampe:
> You cannot create "your own" buffer overflow in Python as you can in C
> and C++ but your code could still be vulnerable if the underlying Python
> construct is written in C.
Python's standard library does now include unsafe constructs.
import ctypes
x = '1234'
# Munging b
Marcus Wanner wrote:
On 8/3/2009 3:45 AM, Diez B. Roggisch wrote:
But you can cast the resulting pointer to an array of larger size, and
there you are.
Ah, that makes sense. I had forgotten about ctypes.cast().
You *can* shoot yourself in the foot with Python, you just have
to aim much more
* Jizzai (Sun, 02 Aug 2009 13:50:14 GMT)
> Is a _pure_ python program buffer overflow proof?
You cannot create "your own" buffer overflow in Python as you can in C
and C++ but your code could still be vulnerable if the underlying Python
construct is written in C. See [1] for instance.
Thorsten
John Nagle wrote:
A more useful question is whether the standard libraries are being
run through any of the commercial static checkers for possible buffer
overflows.
The CPython interpreter is constantly checked with
http://www.coverity.com/. Although Python is used for critical stuff at
On Tue, 04 Aug 2009 02:06:06 -0300, John Nagle
wrote:
Gabriel Genellina wrote:
On Mon, 03 Aug 2009 18:04:53 -0300, sturlamolden
wrote:
On 2 Aug, 15:50, Jizzai wrote:
Is a _pure_ python program buffer overflow proof?
For example in C++ you can declare a char[9] to hold user input.
Steven D'Aprano writes:
> The point is that code you write yourself can rely on "pure Python" to be
> free of buffer-overflows (for some definition of "rely") rather than
> having to worry about managing memory yourself.
Right. Basically the Python interpreter protects you reasonably well
from
On Mon, 03 Aug 2009 21:34:15 -0700, Paul Rubin wrote:
> Steven D'Aprano writes:
>> > The Python interpreter is written in C. Python extension modules are
>> > written in C (or something similar). If you find an unprotected
>> > buffer in this C code, you can possibly overflow this buffer.
>>
>>
Gabriel Genellina wrote:
On Mon, 03 Aug 2009 18:04:53 -0300, sturlamolden
wrote:
On 2 Aug, 15:50, Jizzai wrote:
Is a _pure_ python program buffer overflow proof?
For example in C++ you can declare a char[9] to hold user input.
If the user inputs 10+ chars a buffer overflow occurs.
Sh
Steven D'Aprano writes:
> > The Python interpreter is written in C. Python extension modules are
> > written in C (or something similar). If you find an unprotected buffer
> > in this C code, you can possibly overflow this buffer.
>
> How are C extension modules "_pure_ python"?
A lot of basic
On Mon, 03 Aug 2009 14:04:53 -0700, sturlamolden wrote:
> On 2 Aug, 15:50, Jizzai wrote:
>
>> Is a _pure_ python program buffer overflow proof?
>>
>> For example in C++ you can declare a char[9] to hold user input. If the
>> user inputs 10+ chars a buffer overflow occurs.
>
> Short answer: NO
>
On Mon, 03 Aug 2009 18:04:53 -0300, sturlamolden
wrote:
On 2 Aug, 15:50, Jizzai wrote:
Is a _pure_ python program buffer overflow proof?
For example in C++ you can declare a char[9] to hold user input.
If the user inputs 10+ chars a buffer overflow occurs.
Short answer: NO
Bounds ch
On 2 Aug, 15:50, Jizzai wrote:
> Is a _pure_ python program buffer overflow proof?
>
> For example in C++ you can declare a char[9] to hold user input.
> If the user inputs 10+ chars a buffer overflow occurs.
Short answer: NO
Bounds checking on sequence types is a protection against buffer
over
On 8/3/2009 3:45 AM, Diez B. Roggisch wrote:
Marcus Wanner wrote:
On 8/2/2009 10:43 AM, Christian Heimes wrote:
Marcus Wanner wrote:
I believe that python is buffer overflow proof. In fact, I think
that even ctypes is overflow proof...
No, ctypes isn't buffer overflow proof. ctypes can bre
Marcus Wanner wrote:
On 8/2/2009 10:43 AM, Christian Heimes wrote:
Marcus Wanner wrote:
I believe that python is buffer overflow proof. In fact, I think that
even ctypes is overflow proof...
No, ctypes isn't buffer overflow proof. ctypes can break and crash a
Python interpreter easily.
C
On 8/2/2009 10:43 AM, Christian Heimes wrote:
Marcus Wanner wrote:
I believe that python is buffer overflow proof. In fact, I think that
even ctypes is overflow proof...
No, ctypes isn't buffer overflow proof. ctypes can break and crash a
Python interpreter easily.
Christian
I see. I thoug
On Sun, 02 Aug 2009 13:50:14 +, Jizzai wrote:
> Is a _pure_ python program buffer overflow proof?
It's supposed to be.
> For example in C++ you can declare a char[9] to hold user input. If the
> user inputs 10+ chars a buffer overflow occurs.
>
> In python, I cannot seem to find a way to de
Marcus Wanner wrote:
I believe that python is buffer overflow proof. In fact, I think that
even ctypes is overflow proof...
No, ctypes isn't buffer overflow proof. ctypes can break and crash a
Python interpreter easily.
Christian
--
http://mail.python.org/mailman/listinfo/python-list
On 8/2/2009 9:50 AM, Jizzai wrote:
Is a _pure_ python program buffer overflow proof?
For example in C++ you can declare a char[9] to hold user input.
If the user inputs 10+ chars a buffer overflow occurs.
In python, I cannot seem to find a way to define/restrict a string length.
This is probabl
Is a _pure_ python program buffer overflow proof?
For example in C++ you can declare a char[9] to hold user input.
If the user inputs 10+ chars a buffer overflow occurs.
In python, I cannot seem to find a way to define/restrict a string length.
This is probably by design and raises the topic in
23 matches