Message 155204 - Python tracker

Message155204

Author	orsenthil
Recipients	ncoghlan, orsenthil, r.david.murray, zulla
Date	2012-03-09.03:07:00
SpamBayes Score	9.167983e-09
Marked as misclassified	No
Message-id	<1331262421.68.0.340682399848.issue14036@psf.upfronthosting.co.za>
In-reply-to

Content
Couple of points: 1. On your last example, which webserver treats 'L' as part of port number? I can't of anything. 2. Can you write a "real application" which is listening to beyond 65535? Which platform would it be? Current way of handling invalid port like, int('foo') by raising ValueError seems to be a better than returning a None. A better error message could be desirable, but that does not make it a security issue. Additionally, for the example of int changing long integer to 'L' appended one would a 2.x case as it is no longer the behavior in 3.x Also, I would advice to look at getPort function in a C library or a Java library and see what it does. The only difference I see is, they return -1 where Python returns None. I am changing the request type to an enhancement, because there is not a valid argument to support that it is a security issue.

Content

Couple of points:

1. On your last example, which webserver treats 'L' as part of port number? I can't of anything.

2. Can you write a "real application" which is listening to beyond 65535? Which platform would it be?

Current way of handling invalid port like, int('foo') by raising ValueError seems to be a better than returning a None.  A better error message could be desirable, but that does not make it a security issue.

Additionally, for the example of int changing long integer to 'L' appended one would a 2.x case as it is no longer the behavior in 3.x

Also, I would advice to look at getPort function in a C library or a Java library and see what it does. The only difference I see is, they return -1 where Python returns None.

I am changing the request type to an enhancement, because there is not a valid argument to support that it is a security issue.

History
Date	User	Action	Args
2012-03-09 03:07:01	orsenthil	set	recipients: + orsenthil, ncoghlan, r.david.murray, zulla
2012-03-09 03:07:01	orsenthil	set	messageid: <1331262421.68.0.340682399848.issue14036@psf.upfronthosting.co.za>
2012-03-09 03:07:01	orsenthil	link	issue14036 messages
2012-03-09 03:07:00	orsenthil	create