socket.getaddrinfo(host) doesn't ensure that host.encode() returns a byte string #68872
Comments
eck(idna));
idna = _PyObject_CallMethodId(hobj, &PyId_encode, "s", "idna");
The assertion fails because the custom string type in poc_getaddr.py returns an integer, not a byte string. IMHO we should call PyUnicode_AsEncodedObject() instead of calling the encode() method.
@paul: are you fuzzing Python?
@Haypo: At this moment I have multiple bugs submitted over 2 months ago, which still aren't patched. Without patches, hackerone won't accept these issues, so my incentive to work on python is removed.
ISTM this is a case where Python's core shouldn't be using assert. It's possible for userland code to trigger an assertion failure, which means it should be a regular if(..) raise. Patch attached. @Haypo, what do you mean by "fuzzing"? Is there something I've missed here?
Oops, forgot to add a test. Using a variant of poc_getaddr.py to construct something which fails on current CPython tip, and passes with the patch.
New changeset 2bff115e6ba0 by Victor Stinner in branch '3.4':
New changeset 0c13674cf8b5 by Victor Stinner in branch '2.7':
Ok, I fixed the bug in Python 2.7, 3.4, 3.5 and 3.6. (Python 2.7 was also impacted for custom *unicode* strings.) Thanks for your bug report paul!
Right, this check is implemented in PyUnicode_AsEncodedString(). Moreover, PyUnicode_AsEncodedString() calls the codec directly; it doesn't call the encode() method of the input string. (Sorry, I wrote PyUnicode_AsEncodedObject() which has a different purpose.)
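The two fixes discussed in this thread, modelled in pure Python as an added example that is not part of the original issue or of the CPython patch. The class and function names are hypothetical, and the sample host names are constructed; the C code in socketmodule.c is only mirrored in spirit.

```python
class EncodeReturnsInt(str):
    """Constructed str subclass: encode() returns an int, as the report describes."""

    def encode(self, encoding="utf-8", errors="strict"):
        return 1234


def encode_trusting(host):
    """Unchecked pattern: whatever host.encode() returns is treated as bytes."""
    return host.encode("idna")


def encode_checked(host):
    """First fix discussed: keep the method call, but validate the result with
    a real exception rather than an assertion that release builds drop."""
    result = host.encode("idna")
    if not isinstance(result, bytes):
        raise TypeError(
            "encode() must return bytes, not %s" % type(result).__name__)
    return result


def encode_via_codec(host):
    """Second fix discussed: never run the caller-supplied encode() at all."""
    if not isinstance(host, str):
        raise TypeError("host must be str, not %s" % type(host).__name__)
    # str.__str__ yields an exact str, so no subclass override is consulted.
    exact = str.__str__(host)
    return exact.encode("idna")


if __name__ == "__main__":
    evil = EncodeReturnsInt("example.com")
    print(repr(encode_trusting(evil)))   # the int leaks through unchecked
    print(repr(encode_via_codec(evil)))  # real IDNA bytes, override ignored
    try:
        encode_checked(evil)
    except TypeError as exc:
        print("rejected:", exc)
```

A regression test for this class of bug only needs the subclass above plus an assertion that the call raises `TypeError` or returns `bytes`, never anything else.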