Issue 27599: Buffer overrun in binascii (original) (raw)

Issue27599

Created on 2016-07-23 16:31 by serhiy.storchaka, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (3)
msg271092 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) *	Date: 2016-07-23 16:31
There is reading one byte past the end of the input buffer in binascii.b2a_qp(). Following example shows the behavior difference depending on the value of this byte: >>> binascii.b2a_qp(memoryview(b'..')[:-1]) b'.' >>> binascii.b2a_qp(bytes(memoryview(b'..')[:-1])) b'=2E' In rare cases (memoryview of mmap object or custom buffer) this can cause a segfault. Maybe there are similar issues with other binascii functions (not checked).
msg272685 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) *	Date: 2016-08-14 18:31
Here is a patch that fixes buffer overrun in binascii.b2a_qp() and binascii.a2b_qp() and adds additional tests.
msg276446 - (view)	Author: Roundup Robot (python-dev)	Date: 2016-09-14 13:39
New changeset 423ad3b14ee1 by Serhiy Storchaka in branch '3.5': Issue #27599: Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp(). https://hg.python.org/cpython/rev/423ad3b14ee1 New changeset fbc579ec36ab by Serhiy Storchaka in branch '2.7': Issue #27599: Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp(). https://hg.python.org/cpython/rev/fbc579ec36ab New changeset d53e1a5576e6 by Serhiy Storchaka in branch '3.6': Issue #27599: Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp(). https://hg.python.org/cpython/rev/d53e1a5576e6 New changeset 56294e03ad89 by Serhiy Storchaka in branch 'default': Issue #27599: Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp(). https://hg.python.org/cpython/rev/56294e03ad89