Message 42086 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	exarkun
Recipients
Date	2003-01-11.17:04:26
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to

Content
Logged In: YES user_id=366566 Yea, testing for the proper input length is definitely something that should be done. The patch looks good, but for one thing. If the specified address family is neither AF_INET nor AF_INET6, the length won't be tested and the underlying inet_ntop will be called. This isn't a problem now (afaik) because only those two address families are support, but in a future libc version with more supported address families, it might open a similar hole to the one you've fixed. Perhaps the + } else { + PyErr_SetString(socket_error, "unknown address family"); + return NULL; + } should be moved up from the second if-grouping to follow the first if-grouping. Everything else looks good to me. Thanks for taking the time to look at this :)

Logged In: YES 
user_id=366566

Yea, testing for the proper input length is definitely
something that should be done.  The patch looks good, but
for one thing.  If the specified address family is neither
AF_INET nor AF_INET6, the length won't be tested and the
underlying inet_ntop will be called.  This isn't a problem
now (afaik) because only those two address families are
support, but in a future libc version with more supported
address families, it might open a similar hole to the one
you've fixed.  Perhaps the

+       } else {
+               PyErr_SetString(socket_error, "unknown
address family");
+               return NULL;
+       }

should be moved up from the second if-grouping to follow the
first if-grouping.  Everything else looks good to me. 
Thanks for taking the time to look at this :)

History
Date	User	Action	Args
2007-08-23 15:19:11	admin	link	issue658327 messages
2007-08-23 15:19:11	admin	create