Vulnerability in Python when handling unvalidated floating-point numbers in ctypes

Corrective releases of the Python programming language, 3.7.10 and 3.6.13, are available. They fix a vulnerability (CVE-2021-3177) that could lead to code execution when unvalidated floating-point numbers are processed in handlers that call C functions through the ctypes mechanism. The problem also affects the Python 3.8 and 3.9 branches, but the updates for them are still at release candidate stage (the release is scheduled for March 1).

The problem is caused by a buffer overflow in the ctypes function PyCArg_repr(), which results from unsafe use of sprintf. Specifically, the output of the conversion 'sprintf(buffer," ", self->tag, self->value.b)' was written to a fixed buffer of 256 bytes ("char buffer[256]"), while the result could exceed that size. To check whether applications are affected, you can try passing the value "1e300", which leads to a crash when processed by the c_double.from_param method, because the resulting number contains 308 characters and does not fit in the 256-byte buffer. Example of problematic code: import ctypes; x = ctypes.c_double.from_param(1e300); repr(x)
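The size arithmetic behind this overflow, next to a bounded formatting call, as an added example that is not CPython's code. The format string is an assumption (the page's copy of it did not survive), and REPR_BUF, repr_needed and repr_bounded are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define REPR_BUF 256                  /* size of the fixed buffer named above */
#define REPR_FMT "<cparam '%c' (%f)>" /* assumed format string, see lead-in */

/* Characters the formatted text needs, excluding the terminating NUL.
 * snprintf with a NULL buffer and size 0 only measures; nothing is written. */
int repr_needed(char tag, double value)
{
    return snprintf(NULL, 0, REPR_FMT, tag, value);
}

/* Bounded counterpart of the unbounded sprintf call: never writes more than
 * outlen bytes and always NUL-terminates when outlen > 0.
 * Returns 0 if the text fit, 1 if it was truncated, -1 on a formatting error. */
int repr_bounded(char *out, size_t outlen, char tag, double value)
{
    int n = snprintf(out, outlen, REPR_FMT, tag, value);
    if (n < 0)
        return -1;
    return (size_t)n >= outlen ? 1 : 0;
}

int main(void)
{
    char buffer[REPR_BUF];
    double samples[] = { 1.5, 1e30, 1e300 };  /* constructed inputs */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int need = repr_needed('d', samples[i]);
        int rc = repr_bounded(buffer, sizeof buffer, 'd', samples[i]);
        printf("%g: needs %d bytes + NUL, %s, stored %zu\n",
               samples[i], need, rc ? "truncated" : "fits", strlen(buffer));
    }
    return 0;
}
```

With %f the length of the output grows with the magnitude of the value, so a fixed buffer is only safe when the write is bounded or the required size is measured first.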

The problem remains unfixed in Debian, Ubuntu and FreeBSD, but has already been fixed in Arch Linux, Fedora and SUSE. In RHEL the vulnerability does not manifest because packages are built in FORTIFY_SOURCE mode, which blocks buffer overflows of this kind in string functions.

Source: opennet.ru
