Message 161278 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	orsenthil
Recipients	ezio.melotti, ncoghlan, orsenthil, r.david.murray, zulla
Date	2012-05-21.15:23:15
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<[email protected]>
In-reply-to

Content
pass_to_cython(urlparse("http://google.de:999999999999[to be calculated]").port) is no different than sending pass_to_cython(999999999999[to be calculated]) In that case, would the former make a security loop hole in urlparse? Looks pretty contrived to me as an example for .port bug. However, I agree with one point in your assertion, namely that port be checked that it is within the range integer >= 1 and <= 65535. If it is not, return None as a response in port.

pass_to_cython(urlparse("http://google.de:999999**999999[to be calculated]").port)

is no different than sending

pass_to_cython(999999**999999[to be calculated])

In that case, would the former make a security loop hole in urlparse? Looks pretty contrived to me as an example for .port bug. 

However, I agree with one point in your assertion, namely that port be checked that it is within the range integer >= 1 and <= 65535. If it is not, return None as a response in port.

History
Date	User	Action	Args
2012-05-21 15:23:16	orsenthil	set	recipients: + orsenthil, ncoghlan, ezio.melotti, r.david.murray, zulla
2012-05-21 15:23:16	orsenthil	set	messageid: <[email protected]>
2012-05-21 15:23:16	orsenthil	link	issue14036 messages
2012-05-21 15:23:15	orsenthil	create