Senthil Kumaran <[email protected]> added the comment:
Couple of points:
1. On your last example, which webserver treats 'L' as part of port number? I
can't think of anything.
2. Can you write a "real application" which is listening to beyond 65535? Which
platform would it be?
The current way of handling an invalid port like int('foo'), by raising ValueError,
seems to be better than returning None. A better error message could be
desirable, but that does not make it a security issue.
Additionally, the example of int changing a long integer to an 'L' appended one
would be a 2.x case, as it is no longer the behavior in 3.x.
Also, I would advise looking at the getPort function in a C library or a Java
library to see what it does. The only difference I see is that they return -1
where Python returns None.
I am changing the request type to an enhancement, because there is not a valid
argument to support that it is a security issue.
----------
status: open -> pending
type: security -> enhancement
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue14036>
_______________________________________
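An added example, not code from the tracker issue or from CPython, assuming the parser under discussion is `urllib.parse.urlsplit`: a caller-side check that turns every invalid port (non-numeric, 'L'-suffixed, above 65535) into one exception type, so the caller never has to tell a ValueError from a None. `strict_port`, `InvalidPort` and `classify` are hypothetical names, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

MAX_PORT = 65535
_ASCII_DIGITS = re.compile(r"[0-9]+\Z")   # rejects "+80", "8_0", " 80", Unicode digits

class InvalidPort(ValueError):
    """The URL has a port that is not a decimal integer in 0..65535."""

def strict_port(url, default=None):
    """Return the port as int, `default` when the URL has none, else raise InvalidPort."""
    try:
        netloc = urlsplit(url).netloc
    except ValueError as exc:               # e.g. unbalanced IPv6 brackets
        raise InvalidPort(f"unparseable authority in {url!r}") from exc
    hostport = netloc.rpartition("@")[2]    # drop any userinfo
    if hostport.startswith("["):            # IPv6 literal such as [::1]:8080
        rest = hostport.partition("]")[2]
        if rest and not rest.startswith(":"):
            raise InvalidPort(f"junk after IPv6 literal in {url!r}")
        port_text = rest[1:]
    else:
        port_text = hostport.partition(":")[2]
    if port_text == "":
        return default                      # no port, or an empty one ("host:")
    if not _ASCII_DIGITS.match(port_text):
        raise InvalidPort(f"non-numeric port {port_text!r} in {url!r}")
    port = int(port_text)
    if port > MAX_PORT:
        raise InvalidPort(f"port {port} outside 0..{MAX_PORT} in {url!r}")
    return port

def classify(urls):
    """Map each URL to its port, or to the string 'rejected' if validation fails."""
    result = {}
    for url in urls:
        try:
            result[url] = strict_port(url, default=80)
        except InvalidPort:
            result[url] = "rejected"
    return result

# Constructed sample inputs, not taken from the tracker issue.
SAMPLES = (
    "http://example.org/", "http://example.org:8080/",
    "http://example.org:foo/", "http://example.org:65536/",
    "http://example.org:1234567890123L/", "http://[::1]:443/",
)
```

Calling `classify(SAMPLES)` gives a port for the first, second and last URL and `'rejected'` for the other three.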