[issue25945] Type confusion in partial_setstate and partial_call leads to memory corruption

Changes by Serhiy Storchaka : -- assignee: -> serhiy.storchaka components: +Extension Modules -Library (Lib) nosy: +ncoghlan, rhettinger, serhiy.storchaka stage: -> needs patch versions: +Python 2.7 ___ Python tracker

[issue25939] _ssl.enum_certificates() fails with ERROR_ACCESS_DENIED if python.exe run with low integrity level

Chi Hsuan Yen added the comment: OK I've just succeeded in creating a low integrity level process with my own codes. Now the problem is: how can I integrate this tool into the test system? Seems the integrity level is per-process, while all tests are run in the same process. -- Added

[issue25939] _ssl.enum_certificates() fails with ERROR_ACCESS_DENIED if python.exe run with low integrity level

Chi Hsuan Yen added the comment: PsExec.exe seems not redistributable. PAExec is an alternative but I've not tried it. [1] Another option is re-implementing a tiny program for lowering the integrity level based on example codes provided in [2], which I've not tried yet, either. The latter opti

[issue25946] configure should pick /usr/bin/g++ automatically if present

New submission from Karl Richter: `./configure` both prints `checking for g++... no` and WARNING: By default, distutils will build C++ extension modules with "g++". If this is not intended, then set CXX on the configure command line. if `/usr/bin/g++` is present and execut

[issue25945] Type confusion in partial_setstate and partial_call leads to memory corruption

New submission from Ned Williamson: static PyObject * partial_setstate(partialobject *pto, PyObject *state) { PyObject *fn, *fnargs, *kw, *dict; if (!PyArg_ParseTuple(state, "", &fn, &fnargs, &kw, &dict)) return NULL; Py_XDECREF(pto->fn); Py_X

[issue25945] Type confusion in partial_setstate and partial_call leads to memory corruption

Changes by Ned Williamson : -- components: +Library (Lib) ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https

[issue25944] Type confusion in partial_setstate and partial_repr leads to control flow hijack

New submission from Ned Williamson: static PyObject * partial_setstate(partialobject *pto, PyObject *state) { PyObject *fn, *fnargs, *kw, *dict; if (!PyArg_ParseTuple(state, "", &fn, &fnargs, &kw, &dict)) return NULL; Py_XDECREF(pto->fn); Py_X

[issue25943] Integer overflow in _bsddb leads to heap corruption

New submission from Ned Williamson: In function `_db_associateCallback` of the `_bsddb` module, associating two databases with a callback that returns a sufficiently large list will lead to heap corruption due an integer overflow on 32-bit Python. >From `_bsddb.c`: ``` else if (PyList_Chec

[issue25942] subprocess.call SIGKILLs too liberally

New submission from Mike Pomraning: Python 3.3 introduces timeout support in subprocess.call, implemented by sending a SIGKILL if the Popen.wait is interrupted by a TimeoutExpired exception. However, the "except" clause is too broad, and will, for instance, trigger on a KeyboardInterrupt. Fo

[issue25939] _ssl.enum_certificates() fails with ERROR_ACCESS_DENIED if python.exe run with low integrity level

Eryk Sun added the comment: psexec.exe can be run from the the live server. >>> subprocess.call(r'\\live.sysinternals.com\tools\psexec.exe -s whoami') PsExec v2.11 - Execute processes remotely Copyright (C) 2001-2014 Mark Russinovich Sysinternals - www.sysinternals.com nt

[issue25939] _ssl.enum_certificates() fails with ERROR_ACCESS_DENIED if python.exe run with low integrity level

Steve Dower added the comment: Looks good to me. Is it worth dropping psexec.exe into the test suite so we can add a test for this (or maybe into tools so we can run it from a build without redistributing the exe)? It'll probably be helpful elsewhere too (symlink tests, for example).

[issue25941] Add 'How to Review a Patch' section to devguide

Changes by Terry J. Reedy : -- nosy: +terry.reedy ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.

[issue25941] Add 'How to Review a Patch' section to devguide

New submission from Camilla Montonen: This list is based on helpful tips and discussions received on the core-mentorship list and aims to help new beginners review patches in the bug tracker. The submitted patch is still in progress (the layout is a bit wonky and some details are still missing

[issue25940] SSL tests failed due to expired svn.python.org SSL certificate

New submission from Chi Hsuan Yen: The certificate of svn.python.org expires at Thu 24 Dec 2015 08:28:32 PM CST GMT, about 20 minutes ago. Please update its certificate or lots of tests in Lib\test\test_ssl.py fails with SSL: CERTIFICATE_VERIFY_FAILED. -- components: Tests messages: 25

[issue25939] _ssl.enum_certificates() fails with ERROR_ACCESS_DENIED if python.exe run with low integrity level

New submission from Chi Hsuan Yen: Originally reported at https://github.com/rg3/youtube-dl/issues/7951 Steps to reproduce: 1. Build 99665:dcf9e9ae5393 with Visual Studio 2015 2. Download and extract PsTools [1] 3. PsExec.exe -l python.exe 4. In Python, run: import _ssl _ssl.enum_certif

[issue19475] Add timespec optional flag to datetime isoformat() to choose the precision

Alessandro Cucci added the comment: Can anyone please review the c code of the last patch? -- ___ Python tracker ___ ___ Python-bugs-l

[issue12484] The Py_InitModule functions no longer exist, but remain in the docs

Changes by Brett Cannon : -- assignee: docs@python -> brett.cannon ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscrib

[issue12484] The Py_InitModule functions no longer exist, but remain in the docs

Anish Shah added the comment: @brett.cannon Thanks! I have updated the patch. I removed "_PyImport_FixupExtension" from docs. -- Added file: http://bugs.python.org/file41404/issue12484.patch ___ Python tracker ___

[issue12484] The Py_InitModule functions no longer exist, but remain in the docs

Brett Cannon added the comment: Please do not document _PyImport_FixupExtensionObject(); documenting the internal functions was a mistake. As for whether _PyImport_FixupExtension() should be in this issue or another one, it doesn't matter, Anish; basically whatever is easiest for you if you w

[issue12484] The Py_InitModule functions no longer exist, but remain in the docs

Anish Shah added the comment: It should be done in a separate issue, right? Or should I include it in this patch? -- ___ Python tracker ___ __

[issue1753718] base64 "legacy" functions violate RFC 3548

R. David Murray added the comment: That would be a good idea, yes. I thought Martin was doing that as part of issue 22088, but now that I look at the patch I see he didn't. Martin, do you want to add it to that patch, or should I reopen this? -- _

[issue25812] locale.nl_langinfo() can't decode value

Changes by Serhiy Storchaka : -- versions: -Python 3.4 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https:/

[issue25909] Incorrect documentation for PyMapping_Items and like

Serhiy Storchaka added the comment: Yes, the documentation and comments (and all other mentions if exist) should be corrected. We can also consider the option to change current behavior, since it is already differ from 2.x, but this is other issue. --

[issue8604] Adding an atomic FS write API

STINNER Victor added the comment: This issue is old and different operating systems provide different warranties on rename. Maybe this project should start as a project on PyPI to find the best API and catch compatibilitites issues. For example os.scandir() also started on PyPI. --

[issue25933] Unhandled exception (TypeError) with ftplib in function retrbinary/retrlines causes inoperable behavior without crashing

SilentGhost added the comment: OK, here is the patch with the test that I think is exercising the issue. -- keywords: +needs review, patch stage: -> patch review Added file: http://bugs.python.org/file41403/issue25933.diff ___ Python tracker

[issue24103] Use after free in xmlparser_setevents (1)

Roundup Robot added the comment: New changeset deda5b5160d2 by Serhiy Storchaka in branch '2.7': Issue #24103: Fixed possible use after free in ElementTree.iterparse(). https://hg.python.org/cpython/rev/deda5b5160d2 New changeset ed62cf0cf256 by Serhiy Storchaka in branch '3.5': Issue #24103: Fi

[issue24103] Use after free in xmlparser_setevents (1)

Changes by Serhiy Storchaka : -- dependencies: -Use the Py_SETREF macro resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___ _

[issue20440] Use the Py_SETREF macro

Serhiy Storchaka added the comment: Following patch is manually crafted and covers the rest cases. It also replaces existing correct attribute replacing using a temporary variable with more compact call of the macro. -- Added file: http://bugs.python.org/file41402/py_setref_extra.patch

[issue20440] Use the Py_SETREF macro

Serhiy Storchaka added the comment: Committed patches were generated with attached Coccinelle script. -- Added file: http://bugs.python.org/file41401/py_setref.cocci ___ Python tracker _

[issue20440] Use the Py_SETREF macro

Roundup Robot added the comment: New changeset 23296440b654 by Serhiy Storchaka in branch '2.7': Issue #20440: Massive replacing unsafe attribute setting code with special https://hg.python.org/cpython/rev/23296440b654 New changeset fd36d72f6030 by Serhiy Storchaka in branch '3.5': Issue #20440: