Vulnerability in Python when handling unvalidated fractional numbers in ctypes

Corrective releases of the Python programming language, 3.7.10 and 3.6.13, are available. They fix a vulnerability (CVE-2021-3177) that can lead to code execution when unvalidated floating-point numbers are processed in handlers that call C functions through the ctypes mechanism. The problem also affects the Python 3.8 and 3.9 branches, but the updates for them are still at the release-candidate stage (release scheduled for March 1).

The problem is caused by a buffer overflow in the ctypes function PyCArg_repr(), which results from unsafe use of sprintf. Specifically, to hold the result of the conversion 'sprintf(buffer, " ", self->tag, self->value.b)', a static buffer of 256 bytes ("char buffer[256]") was allocated, while the result could exceed that size. To check whether an application is exposed to the vulnerability, you can try passing the value "1e300", which, when processed by the c_double.from_param method, leads to a crash, because the resulting number contains 308 characters and does not fit into the 256-byte buffer. Example of problematic code: import ctypes; x = ctypes.c_double.from_param(1e300); repr(x)
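The length arithmetic behind the overflow, and the bounded alternatives, as an added example (not code from the article or from CPython). The wrapper text REPR_FMT and the function names are assumptions made for illustration; only the 256-byte buffer and the 1e300 test value come from the article.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REPR_BUF 256 /* fixed buffer size quoted in the article */

/* Assumed wrapper text for illustration; not the project's format string. */
#define REPR_FMT "<param (%f)>"

/* Number of bytes sprintf() would write for v, excluding the NUL. */
int repr_len(double v) {
    return snprintf(NULL, 0, REPR_FMT, v);
}

/* The unsafe pattern writes repr_len(v) + 1 bytes whatever the buffer size:
 *     char buffer[REPR_BUF]; sprintf(buffer, REPR_FMT, v);
 * Bounded variant: never writes past outsz.
 * Returns 1 if the whole text fit, 0 if it was truncated or failed. */
int repr_bounded(double v, char *out, size_t outsz) {
    int n = snprintf(out, outsz, REPR_FMT, v);
    return n >= 0 && (size_t)n < outsz;
}

/* Exact-size variant: measure first, then allocate.
 * Caller frees the result; returns NULL on failure. */
char *repr_alloc(double v) {
    int n = repr_len(v);
    if (n < 0) return NULL;
    char *s = malloc((size_t)n + 1);
    if (s != NULL) snprintf(s, (size_t)n + 1, REPR_FMT, v);
    return s;
}

int main(void) {
    /* Constructed inputs; 1e300 is the article's test value. */
    double samples[] = { 1.5, 1e300 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char buf[REPR_BUF];
        int fit = repr_bounded(samples[i], buf, sizeof buf);
        printf("%g: needs %d bytes + NUL, %s in a %d-byte buffer\n",
               samples[i], repr_len(samples[i]),
               fit ? "fits" : "truncated", REPR_BUF);
    }
    return 0;
}
```

A truncated result from repr_bounded() is a signal to reject or resize, not a value to treat as the full representation.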

The problem remains unfixed in Debian, Ubuntu and FreeBSD, but has already been fixed in Arch Linux, Fedora and SUSE. In RHEL the vulnerability does not manifest because packages are built in FORTIFY_SOURCE mode, which blocks such buffer overflows in string functions.

Source: opennet.ru
