[issue14036] urlparse insufficient port property validation
Senthil Kumaran
report at bugs.python.org
Mon May 21 17:23:16 CEST 2012
Senthil Kumaran <senthil at uthcode.com> added the comment:
pass_to_cython(urlparse("http://google.de:999999**999999[to be calculated]").port)
is no different than sending
pass_to_cython(999999**999999[to be calculated])
In that case, would the former make a security loop hole in urlparse? Looks pretty contrived to me as an example for .port bug.
However, I agree with one point in your assertion, namely that port be checked that it is within the range integer >= 1 and <= 65535. If it is not, return None as a response in port.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14036>
_______________________________________
More information about the Python-bugs-list
mailing list