Author orsenthil
Recipients ncoghlan, orsenthil, r.david.murray, zulla
Date 2012-03-09.03:07:00
SpamBayes Score 9.16798e-09
Marked as misclassified No
Message-id <1331262421.68.0.340682399848.issue14036@psf.upfronthosting.co.za>
In-reply-to
Content
Couple of points:

1. On your last example, which webserver treats 'L' as part of port number? I can't of anything.

2. Can you write a "real application" which is listening to beyond 65535? Which platform would it be?

Current way of handling invalid port like, int('foo') by raising ValueError seems to be a better than returning a None.  A better error message could be desirable, but that does not make it a security issue.

Additionally, for the example of int changing long integer to 'L' appended one would a 2.x case as it is no longer the behavior in 3.x

Also, I would advice to look at getPort function in a C library or a Java library and see what it does. The only difference I see is, they return -1 where Python returns None.

I am changing the request type to an enhancement, because there is not a valid argument to support that it is a security issue.
History
Date User Action Args
2012-03-09 03:07:01orsenthilsetrecipients: + orsenthil, ncoghlan, r.david.murray, zulla
2012-03-09 03:07:01orsenthilsetmessageid: <1331262421.68.0.340682399848.issue14036@psf.upfronthosting.co.za>
2012-03-09 03:07:01orsenthillinkissue14036 messages
2012-03-09 03:07:00orsenthilcreate