Vulnerability in Python when handling unvalidated floating-point numbers in ctypes

Corrective releases of the Python programming language, 3.7.10 and 3.6.13, are available. They fix a vulnerability (CVE-2021-3177) that could lead to code execution when unvalidated floating-point numbers are processed in handlers that call C functions through the ctypes mechanism. The problem also affects the Python 3.8 and 3.9 branches, but the updates for them are still at release candidate status (release scheduled for March 1).

The problem is caused by a buffer overflow in the ctypes function PyCArg_repr(), which results from unsafe use of sprintf. Specifically, to hold the result of the conversion 'sprintf(buffer," ", self->tag, self->value.b)' a static buffer of 256 bytes was allocated ("char buffer[256]"), while the result could exceed that size. To check whether an application is affected, you can try passing the value "1e300", which causes a crash when processed by the c_double.from_param method, because the resulting number contains 308 characters and does not fit in the 256-byte buffer. Example of problematic code:

    import ctypes; x = ctypes.c_double.from_param(1e300); repr(x)
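The size mismatch described above, as an added example that is not part of the original article and is not CPython's code: it measures how many bytes the formatted text needs and shows the bounded snprintf form beside it. The format string REPR_FMT and the function names repr_needed and repr_bounded are assumptions made for illustration; only the 256-byte buffer and the 1e300 value come from the article.

```c
#include <stdio.h>
#include <string.h>

#define REPR_BUF 256   /* fixed buffer size named in the article */
/* Assumed format string: the article's copy is not available; "%f"
   reproduces the 308-character figure it quotes for 1e300. */
#define REPR_FMT "<cparam '%c' (%f)>"

/* Characters (excluding the NUL) the formatted text needs.
   snprintf with a NULL buffer and size 0 only measures. */
int repr_needed(char tag, double value)
{
    return snprintf(NULL, 0, REPR_FMT, tag, value);
}

/* Bounded formatting: writes at most size bytes including the NUL.
   Returns 0 if everything fit, 1 if truncated, -1 on error. */
int repr_bounded(char *out, size_t size, char tag, double value)
{
    int n = snprintf(out, size, REPR_FMT, tag, value);
    if (n < 0)
        return -1;
    return (size_t)n >= size ? 1 : 0;
}

int main(void)
{
    /* Constructed sample values; 1e300 is the one from the article. */
    const double samples[] = { 1.5, 1e100, 1e300 };
    char buf[REPR_BUF];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int need = repr_needed('d', samples[i]);
        int rc = repr_bounded(buf, sizeof buf, 'd', samples[i]);
        printf("%-6g needs %3d+1 bytes, buffer %d: %s (stored %zu)\n",
               samples[i], need, REPR_BUF,
               rc ? "truncated" : "fits", strlen(buf));
    }
    return 0;
}
```

For 1e300 the number alone is 301 integer digits plus ".000000", which is the 308 characters the article mentions; with the assumed wrapper text the total is 323, well past the 256-byte buffer.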

The problem has not yet been fixed in Debian, Ubuntu and FreeBSD, but has already been fixed in Arch Linux, Fedora and SUSE. In RHEL the vulnerability does not manifest because packages are built in FORTIFY_SOURCE mode, which blocks such buffer overflows in string functions.

Source: opennet.ru
