Debian Bug report logs - #416931
python2.4: off-by-one bug in strxfrm() (causes information leak)


Package: python2.4; Maintainer for python2.4 is (unknown);

Reported by: "Piotr Engelking" <inkerman42@gmail.com>

Date: Sat, 31 Mar 2007 15:03:02 UTC

Severity: important

Tags: patch, security

Found in version python2.4/2.4.4-2

Fixed in version python2.4/2.4.4-3

Done: Matthias Klose <doko@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#416931; Package python2.4.


Acknowledgement sent to "Piotr Engelking" <inkerman42@gmail.com>:
New Bug report received and forwarded. Copy sent to Matthias Klose <doko@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: "Piotr Engelking" <inkerman42@gmail.com>
To: "Debian BTS" <submit@bugs.debian.org>
Subject: python2.4: off-by-one bug in strxfrm() (causes information leak)
Date: Sat, 31 Mar 2007 16:54:37 +0200
Package: python2.4
Version: 2.4.4-2
Severity: important
Tags: security patch

In Modules/_localemodule.c, PyLocale_strxfrm() miscalculates the length of
the strxfrm() destination buffer, which causes the function to return a
wrong string, and to read past the destination buffer, which may (and does)
result in an information leak. The bug is also present in python2.5.

The attached patch fixes this problem.


-- System Information:
Debian Release: 4.0
 APT prefers testing
 APT policy: (500, 'testing')
Architecture: i386 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: LANG=C, LC_CTYPE=pl_PL.UTF8 (charmap=UTF-8)

Versions of packages python2.4 depends on:
ii  libbz2-1.0                  1.0.3-6      high-quality block-sorting file co
ii  libc6                       2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libdb4.4                    4.4.20-8     Berkeley v4.4 Database Libraries [
ii  libncursesw5                5.5-5        Shared libraries for terminal hand
ii  libreadline5                5.2-2        GNU readline and history libraries
ii  libssl0.9.8                 0.9.8c-4     SSL shared libraries
ii  mime-support                3.39-1       MIME files 'mime.types' & 'mailcap
ii  python2.4-minimal           2.4.4-2      A minimal subset of the Python lan

python2.4 recommends no packages.

-- no debconf information
[strxfrm-leak.patch (text/x-patch, attachment)]
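
The report turns on the `strxfrm()` return-value contract: the function returns the transformed length without the terminating NUL, so a result equal to the buffer size already means the output did not fit. The C sketch below is an added example, not the attached patch (which this page does not reproduce) and not Python's own code; all function names are hypothetical, and the sample string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* strxfrm() returns the length WITHOUT the NUL, so ret == size is already a
   truncation: dest is then indeterminate and may be unterminated. */
int xfrm_truncated(size_t ret, size_t size) { return ret >= size; }

/* Off-by-one form of the same check, kept only for comparison. */
int xfrm_truncated_off_by_one(size_t ret, size_t size) { return ret > size; }

/* What strxfrm() reports when the buffer limit is one byte short.
   Assumes strlen(s) < 64; in the "C" locale the result equals strlen(s). */
size_t probe_short_limit(const char *s)
{
    char small[64];
    return strxfrm(small, s, strlen(s)); /* limit leaves no room for NUL */
}

/* Returns a malloc'ed, NUL-terminated transformed copy of s, or NULL. */
char *xfrm_dup(const char *s)
{
    size_t size = strlen(s) + 1;
    char *buf = malloc(size);
    if (buf == NULL)
        return NULL;
    size_t ret = strxfrm(buf, s, size);
    if (xfrm_truncated(ret, size)) {
        size = ret + 1;                   /* room for the terminator too */
        char *tmp = realloc(buf, size);
        if (tmp == NULL) { free(buf); return NULL; }
        buf = tmp;
        ret = strxfrm(buf, s, size);
        if (xfrm_truncated(ret, size)) { free(buf); return NULL; }
    }
    return buf;                           /* safe to treat as a C string */
}

int main(void)
{
    const char *s = "hello";              /* constructed sample input */
    size_t ret = probe_short_limit(s);
    printf("ret=%zu limit=%zu correct=%d off_by_one=%d\n", ret, strlen(s),
           xfrm_truncated(ret, strlen(s)),
           xfrm_truncated_off_by_one(ret, strlen(s)));
    char *t = xfrm_dup(s);
    if (t != NULL) { printf("%s\n", t); free(t); }
    return 0;
}
```

With the off-by-one comparison the boundary case is treated as a fit, and any later read of the buffer as a C string runs past its end, which is the information leak the report describes.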

Bug 416931 cloned as bug 416934. Request was from "Piotr Engelking" <inkerman42@gmail.com> to control@bugs.debian.org. (Sat, 31 Mar 2007 15:09:05 GMT)


Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility.


Notification sent to "Piotr Engelking" <inkerman42@gmail.com>:
Bug acknowledged by developer.


Message #12 received at 416931-close@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: 416931-close@bugs.debian.org
Subject: Bug#416931: fixed in python2.4 2.4.4-3
Date: Thu, 05 Apr 2007 18:32:05 +0000
Source: python2.4
Source-Version: 2.4.4-3

We believe that the bug you reported is fixed in the latest version of
python2.4, which is due to be installed in the Debian FTP archive:

idle-python2.4_2.4.4-3_all.deb
  to pool/main/p/python2.4/idle-python2.4_2.4.4-3_all.deb
python2.4-dbg_2.4.4-3_i386.deb
  to pool/main/p/python2.4/python2.4-dbg_2.4.4-3_i386.deb
python2.4-dev_2.4.4-3_i386.deb
  to pool/main/p/python2.4/python2.4-dev_2.4.4-3_i386.deb
python2.4-examples_2.4.4-3_all.deb
  to pool/main/p/python2.4/python2.4-examples_2.4.4-3_all.deb
python2.4-minimal_2.4.4-3_i386.deb
  to pool/main/p/python2.4/python2.4-minimal_2.4.4-3_i386.deb
python2.4_2.4.4-3.diff.gz
  to pool/main/p/python2.4/python2.4_2.4.4-3.diff.gz
python2.4_2.4.4-3.dsc
  to pool/main/p/python2.4/python2.4_2.4.4-3.dsc
python2.4_2.4.4-3_i386.deb
  to pool/main/p/python2.4/python2.4_2.4.4-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 416931@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated python2.4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Thu,  5 Apr 2007 19:41:13 +0200
Source: python2.4
Binary: python2.4-doc python2.4-dev python2.4-minimal python2.4-dbg python2.4 idle-python2.4 python2.4-examples
Architecture: source i386 all
Version: 2.4.4-3
Distribution: unstable
Urgency: high
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Description: 
 idle-python2.4 - An IDE for Python (v2.4) using Tkinter
 python2.4  - An interactive high-level object-oriented language (version 2.4)
 python2.4-dbg - Debug Build of the Python Interpreter (version 2.4)
 python2.4-dev - Header files and a static library for Python (v2.4)
 python2.4-examples - Examples for the Python language (v2.4)
 python2.4-minimal - A minimal subset of the Python language (version 2.4)
Closes: 416931
Changes: 
 python2.4 (2.4.4-3) unstable; urgency=high
 .
   * Fix off-by-one bug in locale.strxfrm(). Closes: #416931.
   * When trying to import the profile and pstats modules, don't
     exit, just add a hint to the exception pointing to the python-profiler
     package.
   * Remove outdated debhelper example scripts.
Files: 
 1af6419e53612c7000699317ab46b3a8 1189 python optional python2.4_2.4.4-3.dsc
 e536ba8b8d6d4a5672cc6d2fdacbcbe5 193734 python optional python2.4_2.4.4-3.diff.gz
 4a66978b1595ceee1f2d151cbd6e5fd3 590082 python optional python2.4-examples_2.4.4-3_all.deb
 17bd73988145f1344bf96dd574dd87e0 60750 python optional idle-python2.4_2.4.4-3_all.deb
 cfe1dfd8d1b8d30aaab198084fb194f4 2849080 python optional python2.4_2.4.4-3_i386.deb
 6a21f251690cdd4a5f35936bfcc5a02c 900502 python optional python2.4-minimal_2.4.4-3_i386.deb
 d3b179ec66998b4d75333128b1d243d4 1508636 python optional python2.4-dev_2.4.4-3_i386.deb
 248a1fbef767bff7d42732f03a3ad62f 5175790 python extra python2.4-dbg_2.4.4-3_i386.deb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 03:06:22 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Jan 5 09:21:23 2018; Machine Name: beach
