Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "how to solve the Python null pointer reference vulnerability". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Brief introduction of vulnerabilities:

A null pointer reference vulnerability in Python's latest version of Python 3.8.5 occurs when Python processes .pyc files.

Here is the crash message:

$Python-3.8.5/python 00-SEGV-on-unknown-address-Python-3.8.5.pyc Could not find platform dependent libraries Consider setting $PYTHONHOME to [:] AddressSanitizer:DEADLYSIGNAL = = 8079==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x0000008aa86b bp 0x000000000000 sp 0x7ffe2a3f5bf0 T0) = = 8079==The signal is caused by a READ memory access. = = 8079==Hint: address points to the zero page. # 0 0x8aa86a in _ PyEval_EvalCodeWithName / home/test/Python-3.8.5/Python/ceval.c:4266:23 # 1 0x866d0f in PyEval_EvalCodeEx / home/test/Python-3.8.5/Python/ceval.c:4327:12 # 2 0x866d0f in PyEval_EvalCode / home/test/Python-3.8.5/Python/ceval.c:718:12 # 3 0x9f7355 in run_eval_code_obj / home/test/Python-3. 8.5/Python/pythonrun.c:1125:9 # 4 0x9e682d in run_pyc_file / home/test/Python-3.8.5/Python/pythonrun.c:1184:9 # 5 0x9e682d in PyRun_SimpleFileExFlags / home/test/Python-3.8.5/Python/pythonrun.c:419:13 # 6 0x9e4ca5 in PyRun_AnyFileExFlags / home/test/Python-3.8.5/Python/pythonrun.c:86:16 # 7 0x5108db in pymain_run_file / home/test/Python-3.8.5/Modules/main.c:381:15 # 8 0x5108db in pymain_run_python / home/test/Python-3.8.5/Modules/main.c:606:21 # 9 0x5108db in Py_RunMain / home/test/Python-3.8.5/Modules/main.c:685:5 # 10 0x5129d6 in pymain_main / home/test/Python-3.8.5 / Modules/main.c:715:12 # 11 0x512dd7 in Py_BytesMain / home/test/Python-3.8.5/Modules/main.c:739:12 # 12 0x7f8316d4b82f in _ _ libc_start_main / build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291 # 13 0x438888 in _ start (/ home/test/Python-3.8.5-Fuzz/python+0x438888) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV / home/test/Python-3.8.5/Python/ceval.c:4266:23 in _ PyEval_EvalCodeWithName = = 8079==ABORTING vulnerability analysis:

Call the PyEval_EvalCodeEx function in the function PyEval_EvalCode (Python-3.8.5/Python/ceval.c).

PyObject * PyEval_EvalCode (PyObject * co, PyObject * globals, PyObject * locals) {return PyEval_EvalCodeEx (co, globals, locals, (PyObject * *) NULL, 0, (PyObject *) NULL, 0, (PyObject * *) NULL, 0, NULL, NULL);}

Closure is set to NULL in the arguments passed to the PyEval_EvalCodeEx function.

PyObject * PyEval_EvalCodeEx (PyObject * _ co, PyObject * globals, PyObject * locals, PyObject * const * args, int argcount, PyObject * const * kws, int kwcount, PyObject * const * defs, int defcount, PyObject * kwdefs, PyObject * closure) {return _ PyEval_EvalCodeWithName (_ co, globals, locals Args, argcount, kws, kws! = NULL? Kws + 1: NULL, kwcount, 2, defs, defcount, kwdefs, closure, NULL, NULL);}

The PyEval_EvalCodeEx function continues to call the _ PyEval_EvalCodeWithName function with the same value of NULL.

PyObject * _ PyEval_EvalCodeWithName (PyObject * _ co, PyObject * globals, PyObject * locals, PyObject * const * args, Py_ssize_t argcount, PyObject * const * kwnames, PyObject * const * kwargs, Py_ssize_t kwcount, int kwstep, PyObject * const * defs, Py_ssize_t defcount, PyObject * kwdefs, PyObject * closure, PyObject * name PyObject * qualname) {* / * Copy closure variables to free variables * / for (I = 0 I

Co_freevars); + + I) {PyObject * o = PyTuple_GET_ITEM (closure, I); co_cellvars) + I] = o;} *} repair suggestions:

The value of closure is judged before referencing closure in the _ PyEval_EvalCodeWithName function.

This is the end of the content of "how to solve the Python null pointer reference vulnerability". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.