[Python-Dev] sprintf() usage (Re: mysnprintf broken) (original) (raw)

M.-A. Lemburg mal@lemburg.com
Tue, 27 Nov 2001 11:53:14 +0100

• Previous message: [Python-Dev] Re: mysnprintf broken
• Next message: [Python-Dev] sprintf() usage (Re: mysnprintf broken)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Grepping through the Python source code there are 191 usages of sprintf() -- shouldn't these be modified to use PyOS_snprintf() instead ?

Python/getargs.c would be a particularly important case to fix, since the sprintf()s in there are not protected against buffer overflows -- it seems that long function names could be used to exploit this, e.g. in multi-user environments like Zope to obtain admin priviledges.

-- Marc-Andre Lemburg CEO eGenix.com Software GmbH

Consulting & Company: http://www.egenix.com/ Python Software: http://www.lemburg.com/python/

• Previous message: [Python-Dev] Re: mysnprintf broken
• Next message: [Python-Dev] sprintf() usage (Re: mysnprintf broken)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]