[elspy] Coredump bug in elspy 0.1.1

Greg Ward gward at python.net
Sun Aug 24 18:43:11 EDT 2003


Hi all -- while getting elspy working on a new system today, I
discovered a nasty little coredump bug in the C code.  While I was
working with the latest code from CVS, the bug is clearly present in
elspy 0.1.1.  If you're using this version, I recommend that you apply
this patch and recompile Exim:

--- elspy.c.elspy-0.1.1 2003-08-24 17:39:29.000000000 -0400
+++ elspy.c.lookup_func-segfault-fix    2003-08-24 17:39:49.000000000 -0400
@@ -352,15 +352,12 @@
    mod_dict = PyModule_GetDict(module);
    func = PyDict_GetItemString(mod_dict, func_name);
 
-   if (func) {
-      if (! PyCallable_Check(func)) {
-         log_error("error: %s object in %s module not callable",
-                   func_name, mod_name);
-         return NULL;
-      }
-      else
-         return func;
+   if (func != NULL && !PyCallable_Check(func)) {
+      log_error("error: %s object in %s module not callable",
+               func_name, mod_name);
+      return NULL;
    }
+   return func;
 }
 
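Review bot: The final `return func;` hands back the pointer from `PyDict_GetItemString()`, which is a borrowed reference, without a `Py_INCREF`. The caller's pointer therefore stays valid only while the module dict still holds that name. Either take a reference before returning or add a comment stating that the result is borrowed and must not be `Py_DECREF`ed. Separately, when the name is absent, `func` is NULL and the function returns NULL without calling `log_error`, whereas the not-callable path logs first. Callers see NULL in both cases, so if a missing function is an expected condition, say so in a comment above `if (func != NULL && !PyCallable_Check(func))`. Otherwise, log it as well.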
Since this is a coredump (the lookup_func() was missing a return
statement, so just returned whatever random junk was at the top of the
stack), there are probably security implications.  If anyone wants to
see an elspy 0.1.2 release to address this, just ask.  But I'm not going
to bother if I'm the only one affected.

        Greg
-- 
Greg Ward <gward at python.net>                         http://www.gerg.ca/
I'm on a strict vegetarian diet -- I only eat vegetarians.


