[Python-checkins] bpo-36845: validate integer network prefix when constructing IP networks (GH-13298)
Inada Naoki
webhook-mailer at python.org
Tue May 14 07:00:21 EDT 2019
https://github.com/python/cpython/commit/30cccf084d1560d9e3382e69d828b3be8cdb0286
commit: 30cccf084d1560d9e3382e69d828b3be8cdb0286
branch: 3.7
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: Inada Naoki <songofacandy at gmail.com>
date: 2019-05-14T20:00:16+09:00
summary:
bpo-36845: validate integer network prefix when constructing IP networks (GH-13298)
(cherry picked from commit 5e48e3db6f5a937023e99d89cef8884d22bd8533)
Co-authored-by: Nicolai Moore <niconorsk at gmail.com>
files:
A Misc/NEWS.d/next/Library/2019-05-14-07-57-02.bpo-36845._GtFFf.rst
M Lib/ipaddress.py
M Lib/test/test_ipaddress.py
M Misc/ACKS
diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py
index cc9ae7118d67..4eec1f337c13 100644
--- a/Lib/ipaddress.py
+++ b/Lib/ipaddress.py
@@ -1101,6 +1101,8 @@ def _make_netmask(cls, arg):
if arg not in cls._netmask_cache:
if isinstance(arg, int):
prefixlen = arg
+ if not (0 <= prefixlen <= cls._max_prefixlen):
+ cls._report_invalid_netmask(prefixlen)
else:
try:
# Check for a netmask in prefix length form
@@ -1622,6 +1624,8 @@ def _make_netmask(cls, arg):
if arg not in cls._netmask_cache:
if isinstance(arg, int):
prefixlen = arg
+ if not (0 <= prefixlen <= cls._max_prefixlen):
+ cls._report_invalid_netmask(prefixlen)
else:
prefixlen = cls._prefix_from_prefix_string(arg)
netmask = IPv6Address(cls._ip_int_from_prefix(prefixlen))
diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py
index 0e0753f34c49..3c50eec456ab 100644
--- a/Lib/test/test_ipaddress.py
+++ b/Lib/test/test_ipaddress.py
@@ -466,6 +466,14 @@ def assertBadNetmask(addr, netmask):
assertBadNetmask("1.1.1.1", "pudding")
assertBadNetmask("1.1.1.1", "::")
+ def test_netmask_in_tuple_errors(self):
+ def assertBadNetmask(addr, netmask):
+ msg = "%r is not a valid netmask" % netmask
+ with self.assertNetmaskError(re.escape(msg)):
+ self.factory((addr, netmask))
+ assertBadNetmask("1.1.1.1", -1)
+ assertBadNetmask("1.1.1.1", 33)
+
def test_pickle(self):
self.pickle_test('192.0.2.0/27')
self.pickle_test('192.0.2.0/31') # IPV4LENGTH - 1
@@ -579,6 +587,14 @@ def assertBadNetmask(addr, netmask):
assertBadNetmask("::1", "pudding")
assertBadNetmask("::", "::")
+ def test_netmask_in_tuple_errors(self):
+ def assertBadNetmask(addr, netmask):
+ msg = "%r is not a valid netmask" % netmask
+ with self.assertNetmaskError(re.escape(msg)):
+ self.factory((addr, netmask))
+ assertBadNetmask("::1", -1)
+ assertBadNetmask("::1", 129)
+
def test_pickle(self):
self.pickle_test('2001:db8::1000/124')
self.pickle_test('2001:db8::1000/127') # IPV6LENGTH - 1
diff --git a/Misc/ACKS b/Misc/ACKS
index 8998c7bf6b61..025944f318f9 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -1093,6 +1093,7 @@ Bastien Montagne
Skip Montanaro
Peter Moody
Alan D. Moore
+Nicolai Moore
Paul Moore
Ross Moore
Ben Morgan
diff --git a/Misc/NEWS.d/next/Library/2019-05-14-07-57-02.bpo-36845._GtFFf.rst b/Misc/NEWS.d/next/Library/2019-05-14-07-57-02.bpo-36845._GtFFf.rst
new file mode 100644
index 000000000000..c819dce3a57c
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2019-05-14-07-57-02.bpo-36845._GtFFf.rst
@@ -0,0 +1,2 @@
+Added validation of integer prefixes to the construction of IP networks and
+interfaces in the ipaddress module.
More information about the Python-checkins
mailing list