SeattleTestbed / repy_v1

Seattle Testbed's original Repy version 1 sandbox
MIT License

Stack overflow in namespace.py #94

Closed choksi81 closed 10 years ago

choksi81 commented 10 years ago

If you pass a dictionary with a circular reference into any API call, the namespace layer performs a "deep" copy without checking for circular references, and eventually overflows.

Here is an example exploit:


d = {"test":123}
d["ref"] = d
sleep(d)

This is especially problematic for the virtual namespace, where this is something that is very plausible, and likely to occur.

choksi81 commented 10 years ago

Author: jsamuel Fixed in r3247 (and some cleanup and frozenset changes in r3248). I don't believe there were any security concerns as untrusted programs can cause a stack overflow directly, if desired.
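
An added example, not taken from repy_v1's namespace.py or from r3247/r3248: it reproduces the reported pattern (a recursive copy with no cycle tracking) beside one common way to make such a copy terminate, by recording each container by identity before descending into it. The function names are hypothetical, and only dicts and lists are treated as containers.

```python
# Added illustration; not the project's code and not the r3247 fix.
# naive_copy, cycle_safe_copy, make_cyclic and naive_overflows are hypothetical names.

def naive_copy(obj):
    """Recursive "deep" copy with no cycle tracking (the pattern in the report)."""
    if isinstance(obj, dict):
        return {naive_copy(k): naive_copy(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [naive_copy(x) for x in obj]
    return obj  # anything else is returned unchanged


def cycle_safe_copy(obj, memo=None):
    """Deep copy that registers each container in memo before recursing."""
    if memo is None:
        memo = {}
    if id(obj) in memo:
        # Already being copied (or copied): reuse it, preserving the cycle.
        return memo[id(obj)]
    if isinstance(obj, dict):
        new = {}
        memo[id(obj)] = new  # register BEFORE descending into the values
        for k, v in obj.items():
            new[cycle_safe_copy(k, memo)] = cycle_safe_copy(v, memo)
        return new
    if isinstance(obj, list):
        new = []
        memo[id(obj)] = new
        for x in obj:
            new.append(cycle_safe_copy(x, memo))
        return new
    return obj


def make_cyclic():
    """Constructed input: the self-referencing dictionary from the report."""
    d = {"test": 123}
    d["ref"] = d
    return d


def naive_overflows():
    """True if the untracked copy exhausts the interpreter's recursion limit."""
    try:
        naive_copy(make_cyclic())
    except RecursionError:
        return True
    return False
```
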