[New-bugs-announce] [issue30711] getaddrinfo invalid port number
Radek Smejkal
report at bugs.python.org
Tue Jun 20 09:26:15 EDT 2017
New submission from Radek Smejkal:
Some getaddrinfo implementations do not detect invalid numeric services and blindly pass the port number to htons(). For example, service "960179" is returned as port 42675.
glibc
https://sourceware.org/bugzilla/show_bug.cgi?id=16208
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/posix/getaddrinfo.c;h=a8bdd9a1829409bd797637b2c4fca4d67a11012d;hb=HEAD#l435
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/posix/getaddrinfo.c;h=a8bdd9a1829409bd797637b2c4fca4d67a11012d;hb=HEAD#l2313
AIX 7.1 libc
Broken
Modules/getaddrinfo
https://github.com/python/cpython/blob/master/Modules/getaddrinfo.c#L342
On the other hand, for example, OpenBSD and musl check the port range
https://github.com/openbsd/src/blob/master/lib/libc/asr/getaddrinfo_async.c#L477
https://git.musl-libc.org/cgit/musl/tree/src/network/lookup_serv.c#n53
Modules/getaddrinfo should be fixed.
The configure script should detect whether the system getaddrinfo is broken. If so, a wrapper that checks numeric services, and returns EAI_SERVICE or calls the system getaddrinfo should be used in place of the system getaddrinfo.
----------
components: Library (Lib)
messages: 296423
nosy: smejkar
priority: normal
severity: normal
status: open
title: getaddrinfo invalid port number
type: behavior
versions: Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue30711>
_______________________________________
More information about the New-bugs-announce
mailing list