bpo-36845: validate integer network prefix when constructing IP networks (GH-13298)
authorNicolai Moore <niconorsk@gmail.com>
Tue, 14 May 2019 10:32:59 +0000 (20:32 +1000)
committerInada Naoki <songofacandy@gmail.com>
Tue, 14 May 2019 10:32:59 +0000 (19:32 +0900)
Lib/ipaddress.py
Lib/test/test_ipaddress.py
Misc/ACKS
Misc/NEWS.d/next/Library/2019-05-14-07-57-02.bpo-36845._GtFFf.rst [new file with mode: 0644]

index 662d7373890761b637c8cb284c75d30262be462b..873c7644081af660d72e85c0feaed3962549a9f0 100644 (file)
@@ -1108,6 +1108,8 @@ class _BaseV4:
         if arg not in cls._netmask_cache:
             if isinstance(arg, int):
                 prefixlen = arg
+                if not (0 <= prefixlen <= cls._max_prefixlen):
+                    cls._report_invalid_netmask(prefixlen)
             else:
                 try:
                     # Check for a netmask in prefix length form
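Review bot: The added range check in the `isinstance(arg, int)` branch only works if `cls._report_invalid_netmask(prefixlen)` never returns, and nothing at the call site says so. The new tests expect a netmask error, so it presumably raises. A short comment would make that explicit, for example `# Out-of-range integer prefix: _report_invalid_netmask raises, so no mask is computed or cached for it`. This is worth spelling out because callers that build allow or deny lists from `(address, prefix)` tuples depend on a bad prefix being rejected rather than turned into some other network. The same comment fits the identical lines in the `_BaseV6` hunk; the enclosing method starts and ends outside both hunks.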
@@ -1538,6 +1540,8 @@ class _BaseV6:
         if arg not in cls._netmask_cache:
             if isinstance(arg, int):
                 prefixlen = arg
+                if not (0 <= prefixlen <= cls._max_prefixlen):
+                    cls._report_invalid_netmask(prefixlen)
             else:
                 prefixlen = cls._prefix_from_prefix_string(arg)
             netmask = IPv6Address(cls._ip_int_from_prefix(prefixlen))
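Review bot: The two added lines here are a verbatim copy of the ones added to `_BaseV4`, so the bounds rule for integer prefixes now lives in two places that must be kept in step. Since both use only `cls._max_prefixlen` and `cls._report_invalid_netmask`, the check could sit in one shared classmethod that both branches call, assuming the two classes have a common base that is not visible in this hunk. If the duplication is kept, a one-line comment in each copy pointing at the other would help a later editor change both. The enclosing method starts outside the hunk.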
index 20316f15f8cfbd1259158f7c625efc3051ce6ba3..9e17ea0c7aac855d98abdee5c533c53c98a1a16c 100644 (file)
@@ -466,6 +466,14 @@ class NetmaskTestMixin_v4(CommonTestMixin_v4):
         assertBadNetmask("1.1.1.1", "pudding")
         assertBadNetmask("1.1.1.1", "::")
 
+    def test_netmask_in_tuple_errors(self):
+        def assertBadNetmask(addr, netmask):
+            msg = "%r is not a valid netmask" % netmask
+            with self.assertNetmaskError(re.escape(msg)):
+                self.factory((addr, netmask))
+        assertBadNetmask("1.1.1.1", -1)
+        assertBadNetmask("1.1.1.1", 33)
+
     def test_pickle(self):
         self.pickle_test('192.0.2.0/27')
         self.pickle_test('192.0.2.0/31')  # IPV4LENGTH - 1
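Review bot: `test_netmask_in_tuple_errors` asserts only the rejected values just outside the range (`-1` and `33`), so an off-by-one in the new comparison that wrongly rejected `0` or `32` would not be caught by this test. Unless another test already covers it, it would be worth adding the accepted boundaries in tuple form, for example `self.factory(("1.1.1.1", 32))` and a `0` prefix with an address that is valid for every factory the mixin is used with. The same gap exists in the `NetmaskTestMixin_v6` hunk, where the boundaries are `0` and `128`. The local `assertBadNetmask` helper also appears to repeat the one used by the preceding test, whose definition is outside the hunk.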
@@ -588,6 +596,14 @@ class NetmaskTestMixin_v6(CommonTestMixin_v6):
         assertBadNetmask("::1", "pudding")
         assertBadNetmask("::", "::")
 
+    def test_netmask_in_tuple_errors(self):
+        def assertBadNetmask(addr, netmask):
+            msg = "%r is not a valid netmask" % netmask
+            with self.assertNetmaskError(re.escape(msg)):
+                self.factory((addr, netmask))
+        assertBadNetmask("::1", -1)
+        assertBadNetmask("::1", 129)
+
     def test_pickle(self):
         self.pickle_test('2001:db8::1000/124')
         self.pickle_test('2001:db8::1000/127')  # IPV6LENGTH - 1
index dfb96375360820462cc0344e41479602f39a3a9d..ec5b017d515ae288b703e64c4eed9bd67a0f1ac8 100644 (file)
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -1108,6 +1108,7 @@ Bastien Montagne
 Skip Montanaro
 Peter Moody
 Alan D. Moore
+Nicolai Moore
 Paul Moore
 Ross Moore
 Ben Morgan
diff --git a/Misc/NEWS.d/next/Library/2019-05-14-07-57-02.bpo-36845._GtFFf.rst b/Misc/NEWS.d/next/Library/2019-05-14-07-57-02.bpo-36845._GtFFf.rst
new file mode 100644 (file)
index 0000000..c819dce
--- /dev/null
@@ -0,0 +1,2 @@
+Added validation of integer prefixes to the construction of IP networks and
+interfaces in the ipaddress module.