Message42086
Logged In: YES
user_id=366566
Yea, testing for the proper input length is definitely
something that should be done. The patch looks good, but
for one thing. If the specified address family is neither
AF_INET nor AF_INET6, the length won't be tested and the
underlying inet_ntop will be called. This isn't a problem
now (afaik) because only those two address families are
support, but in a future libc version with more supported
address families, it might open a similar hole to the one
you've fixed. Perhaps the
+ } else {
+ PyErr_SetString(socket_error, "unknown
address family");
+ return NULL;
+ }
should be moved up from the second if-grouping to follow the
first if-grouping. Everything else looks good to me.
Thanks for taking the time to look at this :)
|
|
Date |
User |
Action |
Args |
2007-08-23 15:19:11 | admin | link | issue658327 messages |
2007-08-23 15:19:11 | admin | create | |
|