Python 3.5 time_strftime() Buffer Over-Read
Posted by deepcore on November 3, 2015 – 1:53 pm
Python 3.5 suffers from a buffer over-read caused by the behavior of the time_strftime() function. When called, the function loops over the format string provided, using strchr to search for each instance of ‘%’. After finding a ‘%’, it resumes the search two characters ahead, assuming that each instance is the beginning of a well-formed format string token. However, if the string ends with ‘%’, the resume point lies past the terminating null byte, so the next call to strchr reads off the end of the format string buffer.
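A minimal C model of the scan described above, next to a checked version. This is an added example, not CPython's source; the function names and sample strings are constructed for illustration, and the over-read is detected by comparing offsets rather than performed.

```c
#include <stdio.h>
#include <string.h>

/* Model of the scan as described: after each '%', resume two characters on.
 * Returns 1 if that resume point would lie beyond the terminating NUL, i.e.
 * the next strchr() would start outside the buffer. Nothing is read out of
 * bounds here; only offsets are compared. */
int naive_scan_overreads(const char *fmt)
{
    size_t len = strlen(fmt);
    const char *p = strchr(fmt, '%');

    while (p != NULL) {
        if ((size_t)(p - fmt) + 2 > len)
            return 1;               /* '%' was the last character */
        p = strchr(p + 2, '%');
    }
    return 0;
}

/* Checked scan: look at the character after '%' before skipping it.
 * Returns the number of two-character tokens, or -1 for a trailing '%'. */
int count_tokens_checked(const char *fmt)
{
    int n = 0;
    const char *p = strchr(fmt, '%');

    while (p != NULL) {
        if (p[1] == '\0')
            return -1;              /* reject instead of stepping past NUL */
        n++;
        p = strchr(p + 2, '%');
    }
    return n;
}

int main(void)
{
    /* Constructed sample format strings. */
    const char *samples[] = { "%Y-%m-%d", "%%", "%Y-%", "100%", "" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\": naive over-read=%d, checked=%d\n", samples[i],
               naive_scan_overreads(samples[i]),
               count_tokens_checked(samples[i]));
    return 0;
}
```

A ‘%’ followed by exactly one character is safe in both versions, because the resume point is then the null byte itself.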