Message 161278 - Python tracker

Message161278

Author	orsenthil
Recipients	ezio.melotti, ncoghlan, orsenthil, r.david.murray, zulla
Date	2012-05-21.15:23:15
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1337613796.63.0.669869448982.issue14036@psf.upfronthosting.co.za>
In-reply-to

Content
pass_to_cython(urlparse("http://google.de:999999999999[to be calculated]").port) is no different than sending pass_to_cython(999999999999[to be calculated]) In that case, would the former make a security loop hole in urlparse? Looks pretty contrived to me as an example for .port bug. However, I agree with one point in your assertion, namely that port be checked that it is within the range integer >= 1 and <= 65535. If it is not, return None as a response in port.

Content

pass_to_cython(urlparse("http://google.de:999999**999999[to be calculated]").port)

is no different than sending

pass_to_cython(999999**999999[to be calculated])

In that case, would the former make a security loop hole in urlparse? Looks pretty contrived to me as an example for .port bug. 

However, I agree with one point in your assertion, namely that port be checked that it is within the range integer >= 1 and <= 65535. If it is not, return None as a response in port.

History
Date	User	Action	Args
2012-05-21 15:23:16	orsenthil	set	recipients: + orsenthil, ncoghlan, ezio.melotti, r.david.murray, zulla
2012-05-21 15:23:16	orsenthil	set	messageid: <1337613796.63.0.669869448982.issue14036@psf.upfronthosting.co.za>
2012-05-21 15:23:16	orsenthil	link	issue14036 messages
2012-05-21 15:23:15	orsenthil	create