From f7a9da8b3fb7da7a479e54ba4932fd07775d9a4e Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 13 Oct 2011 14:35:06 +0200 Subject: [PATCH] Make IPv4 address parsing more strict Let netaddr.IPAddress() use inet_pton() rather than inet_aton() for IP address parsing. We will use the same function in IPv4/IPv6 conversions + be stricter and don't allow IP addresses such as '1.1.1' at the same time. https://fedorahosted.org/freeipa/ticket/1965 --- ipapython/ipautil.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 232869802..b00259494 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -69,9 +69,15 @@ def get_domain_name(): return domain_name class CheckedIPAddress(netaddr.IPAddress): + + # Use inet_pton() rather than inet_aton() for IP address parsing. We + # will use the same function in IPv4/IPv6 conversions + be stricter + # and don't allow IP addresses such as '1.1.1' in the same time + netaddr_ip_flags = netaddr.INET_PTON + def __init__(self, addr, match_local=False, parse_netmask=True): if isinstance(addr, CheckedIPAddress): - super(CheckedIPAddress, self).__init__(addr) + super(CheckedIPAddress, self).__init__(addr, flags=self.netaddr_ip_flags) self.prefixlen = addr.prefixlen self.defaultnet = addr.defaultnet self.interface = addr.interface @@ -88,7 +94,7 @@ class CheckedIPAddress(netaddr.IPAddress): pass else: try: - addr = netaddr.IPAddress(addr) + addr = netaddr.IPAddress(addr, flags=self.netaddr_ip_flags) except ValueError: net = netaddr.IPNetwork(addr) if not parse_netmask: @@ -140,7 +146,7 @@ class CheckedIPAddress(netaddr.IPAddress): if addr.version == 4 and addr == net.broadcast: raise ValueError("cannot use broadcast IP address") - super(CheckedIPAddress, self).__init__(addr) + super(CheckedIPAddress, self).__init__(addr, flags=self.netaddr_ip_flags) self.prefixlen = net.prefixlen self.defaultnet = defnet self.interface = iface