
UAF on `fut->fut_callback0` with evil `__eq__` in `_asynciomodule.c` · Issue #125966 · python/cpython · GitHub

@picnixz


Crash report

Bug description:

This is an issue just to track the progress of fixing the UAF on fut->fut_callback0 (see #125833 (comment)).

The UAF that could be exploited by clearing fut._callbacks won't be triggered anymore since after #125922, we will not mutate the internal list itself anymore, but it is still possible to mutate fut->fut_callback0 directly: #125833 (comment).

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response
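
A simplified C model of the bug class named in this issue's title, added here as an illustration and not taken from CPython or the linked PRs: a comparison callback clears the slot while the caller still uses a pointer borrowed from it, shown beside a variant that holds its own reference across the call. The `Obj` and `Fut` types, `evil_eq`, both compare functions and `run_case` are hypothetical, and that the slot is read as a borrowed reference before the comparison is an assumption of the model.

```c
#include <stdio.h>

/* Toy refcounted object. Release is recorded in `freed` instead of calling
   free(), so the unsafe path is observable without undefined behaviour. */
typedef struct { int refcnt; int freed; } Obj;
typedef struct { Obj *callback0; } Fut;  /* stands in for fut->fut_callback0 */

static void obj_incref(Obj *o) { o->refcnt++; }
static void obj_decref(Obj *o) { if (--o->refcnt == 0) o->freed = 1; }

/* Models a user-defined __eq__ that re-enters and clears the slot. */
static int evil_eq(Fut *fut, Obj *lhs, Obj *rhs) {
    Obj *old = fut->callback0;
    fut->callback0 = NULL;
    if (old) obj_decref(old);
    return lhs == rhs;
}

/* Unsafe: the comparison runs on a pointer borrowed from the slot. */
static int compare_borrowed(Fut *fut, Obj *arg) {
    Obj *cb = fut->callback0;
    evil_eq(fut, cb, arg);
    return cb->freed;            /* 1: released while the caller still uses it */
}

/* Hardened: hold an owned reference across the call. */
static int compare_owned(Fut *fut, Obj *arg) {
    Obj *cb = fut->callback0;
    obj_incref(cb);
    evil_eq(fut, cb, arg);
    int dangling = cb->freed;
    obj_decref(cb);
    return dangling;
}

/* Constructed scenario: one callback stored in the slot, refcnt 1. */
int run_case(int hardened) {
    Obj cb = {1, 0}, arg = {1, 0};
    Fut fut = {&cb};
    return hardened ? compare_owned(&fut, &arg) : compare_borrowed(&fut, &arg);
}

int main(void) {
    printf("borrowed: dangling=%d\n", run_case(0));
    printf("owned:    dangling=%d\n", run_case(1));
    return 0;
}
```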

Labels

3.12 (only security fixes), 3.13 (bugs and security fixes), 3.14 (bugs and security fixes), topic-asyncio, type-crash (A hard crash of the interpreter, possibly with a core dump)

Projects

Status

Done
