Litokollo tse lokisoang tsa puo ea lenaneo la Python 3.7.10 le 3.6.13 lia fumaneha, tse lokisang tlokotsi (CVE-2021-3177) e ka lebisang ts'ebetsong ea khoutu ha ho sebetsoa linomoro tse sa netefatsoang tsa lintlha tse phaphametseng ho ba sebetsang ba bitsang mesebetsi ea C ba sebelisa mochine oa ctypes. . Bothata bo boetse bo ama makala a Python 3.8 le 3.9, empa lintlafatso bakeng sa tsona li ntse li le boemong ba mokhethoa oa tokollo (tokollo e reriloeng ka la 1 Hlakubele).
Bothata bo bakoa ke ho phalla ha buffer ho ctypes function PyCArg_repr (), e hlahang ka lebaka la tšebeliso e sa sireletsehang ea sprintf. Haholo-holo, ho sebetsana le sephetho sa phetoho 'sprintf(buffer," ", self->tag, self->value.b)' abela static buffer ea 256 bytes ("char buffer[256]"), ha sephetho se ka feta boleng bona. Ho lekola bofokoli ba lits'ebetso ho ts'oenyeho, o ka leka ho fetisa boleng "1e300", boo, ha bo sebetsoa ka mokhoa oa c_double.from_param, bo tla lebisa ho putlama, kaha palo e hlahisoang e na le litlhaku tse 308 mme ha e kenelle ho 256-byte buffer. Mohlala oa khoutu e nang le bothata: import ctypes; x = ctypes.c_double.from_param(1e300); repr(x)
Bothata bo lula bo sa rarolloe ho Debian, Ubuntu le FreeBSD, empa bo se bo lokisitsoe ho Arch Linux, Fedora, SUSE. Ho RHEL, ts'oaetso ha e hlahe ka lebaka la kopano ea sephutheloana ka mokhoa oa FORTIFY_SOURCE, e thibelang buffer e phallang ka mokhoa oa likhoele.
Source: opennet.ru