File tree 3 files changed +15
-4
lines changed
Filter options
Misc/NEWS.d/next/Security 3 files changed +15
-4
lines changed
Original file line number Diff line number Diff line change @@ -1660,6 +1660,9 @@ def _ip_int_from_string(cls, ip_str):
16601660 """
16611661 if not ip_str :
16621662 raise AddressValueError ('Address cannot be empty' )
1663+ if len (ip_str ) > 39 :
1664+ msg = "At most 39 characters expected in %r" % (ip_str ,)
1665+ raise AddressValueError (msg )
16631666
16641667 # We want to allow more parts than the max to be 'split'
16651668 # to preserve the correct error message when there are
Original file line number Diff line number Diff line change @@ -396,8 +396,17 @@ def assertBadSplit(addr):
396396 assertBadSplit ("8:7:6:5:4:3:2:1::%scope" )
397397 # A trailing IPv4 address is two parts
398398 assertBadSplit ("10:9:8:7:6:5:4:3:42.42.42.42%scope" )
399+
400+ def test_bad_address_split_v6_too_long (self ):
401+ def assertBadSplit (addr ):
402+ msg = "At most 39 characters expected in %r"
403+ with self .assertAddressError (msg , addr .split ('%' )[0 ]):
404+ ipaddress .IPv6Address (addr )
405+
399406 # Long IPv6 address
400- assertBadSplit (("0:" * 10000 ) + "0" )
407+ long_addr = ("0:" * 10000 ) + "0"
408+ assertBadSplit (long_addr )
409+ assertBadSplit (long_addr + "%zoneid" )
401410
402411 def test_bad_address_split_v6_too_many_parts (self ):
403412 def assertBadSplit (addr ):
Original file line number Diff line number Diff line change 1- Limit the number of splitting on colons (``: ``) that will occur while parsing
2- an IPv6 address. This prevents excessive memory consumption and potential
3- denial-of-service when parsing a large IPv6 address.
1+ Short-circuit the processing of long IPv6 addresses early to prevent excessive
2+ memory consumption and a minor denial-of-service.
You can’t perform that action at this time.
0 commit comments