Re: Python 2.4 & 2.5 vulnerable, Patches inside

To: pkgsrc-users%netbsd.org@localhost
Subject: Re: Python 2.4 & 2.5 vulnerable, Patches inside
From: Jonathan Schleifer <js-pkgsrc-users%webkeks.org@localhost>
Date: Thu, 7 Aug 2008 17:26:07 +0200

Christian Biere <christianbiere%gmx.de@localhost> wrote:

> I'm talking about nonsense such as this:
> 
>  + int bytesize, nsize
> [...]
>  +    bytesize = nsize * 2;
>  +    if (bytesize / 2 != nsize)
>  +    return PyErr_NoMemory();

Ok, that indeed is a bad check for an integer overflow… I should have
looked more deeply at the patches before sending them in.

-- 
Jonathan

Attachment: signature.asc
Description: PGP signature

References:
- Python 2.4 & 2.5 vulnerable, Patches inside
  - From: Jonathan Schleifer
- Re: Python 2.4 & 2.5 vulnerable, Patches inside
  - From: Christian Biere
- Re: Python 2.4 & 2.5 vulnerable, Patches inside
  - From: Jonathan Schleifer
- Re: Python 2.4 & 2.5 vulnerable, Patches inside
  - From: Christian Biere

Prev by Date: Re: Removal of illegal packages
Next by Date: Re: Removal of illegal packages
Previous by Thread: Re: Python 2.4 & 2.5 vulnerable, Patches inside
Next by Thread: xcompmgr don't working in
Indexes:

Home | Main Index | Thread Index | Old Index