Let netaddr.IPAddress() use inet_pton() rather than inet_aton() for IP address parsing. We will use the same function in IPv4/IPv6 conversions + be stricter and don't allow IP addresses such as '1.1.1' at the same time.
https://fedorahosted.org/freeipa/ticket/1965
>From d780725fe480a2ad00abb5d0a28a7c09963684a6 Mon Sep 17 00:00:00 2001 From: Martin Kosek <[email protected]> Date: Thu, 13 Oct 2011 14:35:06 +0200 Subject: [PATCH] Make IPv4 address parsing more strict Let netaddr.IPAddress() use inet_pton() rather than inet_aton() for IP address parsing. We will use the same function in IPv4/IPv6 conversions + be stricter and don't allow IP addresses such as '1.1.1' at the same time. https://fedorahosted.org/freeipa/ticket/1965 --- ipapython/ipautil.py | 12 +++++++++--- 1 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 6e037926ce678557d9273be6ff1e9a6c65d0f80e..03bf0db2b0558683de219daa2088e9742c853652 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -69,9 +69,15 @@ def get_domain_name(): return domain_name class CheckedIPAddress(netaddr.IPAddress): + + # Use inet_pton() rather than inet_aton() for IP address parsing. We + # will use the same function in IPv4/IPv6 conversions + be stricter + # and don't allow IP addresses such as '1.1.1' in the same time + netaddr_ip_flags = netaddr.INET_PTON + def __init__(self, addr, match_local=False, parse_netmask=True): if isinstance(addr, CheckedIPAddress): - super(CheckedIPAddress, self).__init__(addr) + super(CheckedIPAddress, self).__init__(addr, flags=self.netaddr_ip_flags) self.prefixlen = addr.prefixlen self.defaultnet = addr.defaultnet self.interface = addr.interface @@ -88,7 +94,7 @@ class CheckedIPAddress(netaddr.IPAddress): pass else: try: - addr = netaddr.IPAddress(addr) + addr = netaddr.IPAddress(addr, flags=self.netaddr_ip_flags) except ValueError: net = netaddr.IPNetwork(addr) if not parse_netmask: @@ -140,7 +146,7 @@ class CheckedIPAddress(netaddr.IPAddress): if addr.version == 4 and addr == net.broadcast: raise ValueError("cannot use broadcast IP address") - super(CheckedIPAddress, self).__init__(addr) + super(CheckedIPAddress, self).__init__(addr, flags=self.netaddr_ip_flags) self.prefixlen = net.prefixlen self.defaultnet = defnet self.interface = iface -- 1.7.6.4
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
