[issue2587] PyString_FromStringAndSize() to be considered unsafe

2009-04-29 Thread Jan Lieskovsky
Jan Lieskovsky added the comment: Hello guys, if I didn't overlook something pretty obvious, this should work with python-2.6, but it crashes. Could you please have a look? Thanks, Jan. -- Jan iankko Lieskovsky -- nosy: +iankko Added file: http://bugs.python.org/file13815/fromStrin

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2009-04-14 Thread Petr Splichal
Petr Splichal added the comment: Justin, is there any reproducer available for this issue? Thanks! -- nosy: +psss ___ Python tracker ___ _

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-05-17 Thread Gregory P. Smith
Gregory P. Smith <[EMAIL PROTECTED]> added the comment: the redundant asserts were removed. reclosing. further discussion on signedness issues in the code base should take place on the mailing list, future bugs or peps as appropriate. -- status: open -> closed

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-10 Thread Alexander Belopolsky
Alexander Belopolsky <[EMAIL PROTECTED]> added the comment: On Thu, Apr 10, 2008 at 3:48 PM, Guido van Rossum <[EMAIL PROTECTED]> wrote: Maybe as the first step we could get rid of the size sign abuse in long integer objects. I would suggest reserving a bit in the first (or last) digit to carry

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-10 Thread Gregory P. Smith
Gregory P. Smith <[EMAIL PROTECTED]> added the comment: asserts nuked. r62271 and r62272 __ Tracker <[EMAIL PROTECTED]> __ ___ Python-bugs-list mailing

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-10 Thread Guido van Rossum
Guido van Rossum <[EMAIL PROTECTED]> added the comment: Please do get rid of the asserts. Regarding signed sizes, it's a historic accident (copied from Unix system calls which tended to use plain ints or longs in the olden days), but it may not be impossible to fix -- we've fixed other things th

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-10 Thread Gregory P. Smith
Gregory P. Smith <[EMAIL PROTECTED]> added the comment: The asserts can go. I left them in figuring a crashing interpreter on a debug build in someones sandbox or on a buildbox would get more attention than a SystemError being raised. I doubt that is a worthy assumption on my part. Both a cras

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-10 Thread Guido van Rossum
Guido van Rossum <[EMAIL PROTECTED]> added the comment: Greg, any reason why you kept the assert()? IMO having the ValueError even in debug mode is better. __ Tracker <[EMAIL PROTECTED]> __ __

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-10 Thread Justin Ferguson
Justin Ferguson <[EMAIL PROTECTED]> added the comment: The use of signed integers in Python is (imho) the single largest threat to the security of the interpreter. I'm probably preaching to the choir there though. I really dislike have to return values and indicate error in the return value, it

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-10 Thread David Remahl
Changes by David Remahl <[EMAIL PROTECTED]>: -- nosy: +chmod007 __ Tracker <[EMAIL PROTECTED]> __ ___ Python-bugs-list mailing list Unsubscribe

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-10 Thread Alexander Belopolsky
Alexander Belopolsky <[EMAIL PROTECTED]> added the comment: On Wed, Apr 9, 2008 at 8:18 PM, Guido van Rossum <[EMAIL PROTECTED]> wrote: > > [*sigh* i wish we didn't use a signed size type all over the place] > > What would you use for error returns then? > res == (size_t)-1 or res == 0 && Py

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Guido van Rossum
Guido van Rossum <[EMAIL PROTECTED]> added the comment: > [*sigh* i wish we didn't use a signed size type all over the place] What would you use for error returns then? __ Tracker <[EMAIL PROTECTED]> ___

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Gregory P. Smith
Gregory P. Smith <[EMAIL PROTECTED]> added the comment: release25-maint r62262 I'm closing this one. Please open additional issues with patches and/or pointers to bad callers of *_FromStringAndSize that let negative values through. [*sigh* i wish we didn't use a signed size type all over the p

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Gregory P. Smith
Gregory P. Smith <[EMAIL PROTECTED]> added the comment: python trunk r62261 adds the checks and SystemError. patches to cleanup modules that inadvertently allow negative values to be passed into *_FromStringAndSize would still be appreciated. __ Tracker <[EMAIL P

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Gregory P. Smith
Changes by Gregory P. Smith <[EMAIL PROTECTED]>: Removed file: http://bugs.python.org/file9994/unnamed __ Tracker <[EMAIL PROTECTED]> __ ___ Python-bugs

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Gregory P. Smith
Changes by Gregory P. Smith <[EMAIL PROTECTED]>: -- assignee: -> gregory.p.smith __ Tracker <[EMAIL PROTECTED]> __ ___ Python-bugs-list mailing

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Guido van Rossum
Guido van Rossum <[EMAIL PROTECTED]> added the comment: Cool. Let's make this a SystemError (in both debug builds and non-debug build). Greg, go ahead and fix it. -- nosy: +gvanrossum __ Tracker <[EMAIL PROTECTED]> _

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Gregory P. Smith
Gregory P. Smith <[EMAIL PROTECTED]> added the comment: I think I like the SystemError approach for the same reasons. It still exposes the caller's bug but no longer does bad things. Added file: http://bugs.python.org/file9994/unnamed __ Tracker <[EMAIL PROTECTE

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Justin Ferguson
Justin Ferguson <[EMAIL PROTECTED]> added the comment: > 1. If you change PyString_FromStringAndSize, you should change > PyBytes_FromStringAndSize and PyUnicode_FromStringAndSize for > consistency. Okay, if we don't patch the API call itself, I will look at the users of those two API calls as w

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Alexander Belopolsky
Alexander Belopolsky <[EMAIL PROTECTED]> added the comment: On Wed, Apr 9, 2008 at 3:08 PM, Justin Ferguson <[EMAIL PROTECTED]> wrote: > Okay, so I'm not sure whose point of view takes precedence here? I don't have a strong view on this, but just a few points to consider: 1. If you change PyS

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Justin Ferguson
Justin Ferguson <[EMAIL PROTECTED]> added the comment: Okay, so I'm not sure whose point of view takes precedence here? Also, to answer the question asked, I'm doing this manually. __ Tracker <[EMAIL PROTECTED]>

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Gregory P. Smith
Changes by Gregory P. Smith <[EMAIL PROTECTED]>: -- priority: -> high versions: +Python 2.6 __ Tracker <[EMAIL PROTECTED]> __ ___ Python-bugs-l

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Gregory P. Smith
Gregory P. Smith <[EMAIL PROTECTED]> added the comment: agreed, the assert in PyString_FromStringAndSize() should be changed to a non-debug test. -- nosy: +gregory.p.smith __ Tracker <[EMAIL PROTECTED]> _

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Alexander Belopolsky
Alexander Belopolsky <[EMAIL PROTECTED]> added the comment: On Wed, Apr 9, 2008 at 1:20 PM, Justin Ferguson <[EMAIL PROTECTED]> wrote: .. > Do I need to create proof of concepts for each of these bugs, or can I > reference this ticket? > It would be best if you could provide a patch complete w

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Justin Ferguson
Justin Ferguson <[EMAIL PROTECTED]> added the comment: Do I need to create proof of concepts for each of these bugs, or can I reference this ticket? __ Tracker <[EMAIL PROTECTED]> __ __

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Justin Ferguson
Justin Ferguson <[EMAIL PROTECTED]> added the comment: While I think its a mistake that will cause security concerns in Python for quite some time to come, thats fair enough. I will refile all the places that this messes up individually __ Tracker <[EMAIL PROTECT

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-09 Thread Alexander Belopolsky
Alexander Belopolsky <[EMAIL PROTECTED]> added the comment: I agree that PySSL_SSLread should check that its argument is >= 0. I don't think this check belongs to PyString_FromStringAndSize. It should be the responsibility of the caller to verify that the precondition size >= 0 is satisfied

[issue2587] PyString_FromStringAndSize() to be considered unsafe

2008-04-08 Thread Alexander Belopolsky
Changes by Alexander Belopolsky <[EMAIL PROTECTED]>: -- title: PyString_FromStringAndSize() to be considered unsane -> PyString_FromStringAndSize() to be considered unsafe __ Tracker <[EMAIL PROTECTED]>