diff options
| author | achraf-mer <51244975+achraf-mer@users.noreply.github.com> | 2021-08-17 23:46:37 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-08-17 23:46:37 (GMT) |
| commit | 03dd89d62413c4a92831ed1b36e2ae8983bcb2d4 (patch) | |
| tree | bf9a53308e0e696409fb57123cd1b425180dc0ff /Misc | |
| parent | d7f5796a1ec7ba223f6a844d7580559abef05238 (diff) | |
| download | cpython-03dd89d62413c4a92831ed1b36e2ae8983bcb2d4.zip cpython-03dd89d62413c4a92831ed1b36e2ae8983bcb2d4.tar.gz cpython-03dd89d62413c4a92831ed1b36e2ae8983bcb2d4.tar.bz2 | |
[3.8] bpo-36384: Leading zeros in IPv4 addresses are no longer tolerated (GH-25099) (GH-27801)
Reverts commit e653d4d8e820a7a004ad399530af0135b45db27a and makes
parsing even more strict. Like socket.inet_pton() any leading zero
is now treated as invalid input.
Signed-off-by: Christian Heimes <christian@python.org>
Co-authored-by: Ćukasz Langa <lukasz@langa.pl>
Diffstat (limited to 'Misc')
| -rw-r--r-- | Misc/NEWS.d/next/Security/2021-03-30-16-29-51.bpo-36384.sCAmLs.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2021-03-30-16-29-51.bpo-36384.sCAmLs.rst b/Misc/NEWS.d/next/Security/2021-03-30-16-29-51.bpo-36384.sCAmLs.rst new file mode 100644 index 0000000..f956cde --- /dev/null +++ b/Misc/NEWS.d/next/Security/2021-03-30-16-29-51.bpo-36384.sCAmLs.rst @@ -0,0 +1,6 @@ +:mod:`ipaddress` module no longer accepts any leading zeros in IPv4 address +strings. Leading zeros are ambiguous and interpreted as octal notation by +some libraries. For example the legacy function :func:`socket.inet_aton` +treats leading zeros as octal notatation. glibc implementation of modern +:func:`~socket.inet_pton` does not accept any leading zeros. For a while +the :mod:`ipaddress` module used to accept ambiguous leading zeros. |