On Thu, Jun 27, 2013 at 12:07 AM, Victor Stinner <victor.stin...@gmail.com> wrote:
> I would like to parse an integer in [0; UINT_MAX] to fix the zlib module on
> 64-bit system:
> http://bugs.python.org/issue18294
>
> How should I implement that? Use "O" format and then use
> PyLong_Check(), PyLong_AsLong(), and check value <= UINT_MAX?

I ran into the same problem in the _lzma module. My solution was to define a custom converter that does an explicit check before returning the value (see http://hg.python.org/cpython/file/default/Modules/_lzmamodule.c#l134).

On Thu, Jun 27, 2013 at 12:26 AM, Guido van Rossum <gu...@python.org> wrote:
> > I would like to parse an integer in [0; UINT_MAX] to fix the zlib module on
> > 64-bit system:
> > http://bugs.python.org/issue18294
> >
> > How should I implement that? Use "O" format and then use
> > PyLong_Check(), PyLong_AsLong(), and check value <= UINT_MAX?
>
> Why can't you use the K format? It won't reject out-of-range values,
> but it will convert them to in-range so there aren't any attacks
> possible based on bypassing the range check. I'm probably
> misunderstanding something -- I don't completely understand that bug
> report. :-(

The point is not to protect against deliberate attacks, but rather to fail loudly (instead of silently) when the caller provides an input that the underlying C library cannot handle.

- Nadeem
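
A stand-alone C model of the two behaviours discussed in this message, added here as an example (it is not code from the thread or from _lzmamodule.c). The names `wide_t`, `lib_set_size`, `narrow_silently` and `uint_converter` are hypothetical, and the Python C API is left out so the file compiles on its own.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the 64-bit unsigned long that a "K"-style parse yields on an
 * LP64 system; uint64_t keeps the example portable (assumption). */
typedef uint64_t wide_t;

/* Hypothetical C library entry point that only accepts an unsigned int size.
 * It returns the size it actually received. */
static unsigned int lib_set_size(unsigned int size) { return size; }

/* Silent path: the wide value is narrowed with a cast. This never fails;
 * out-of-range input is reduced modulo UINT_MAX + 1 before the library sees it. */
static unsigned int narrow_silently(wide_t value)
{
    return lib_set_size((unsigned int)value);
}

/* Loud path, shaped like an "O&" converter: returns 1 and stores the result on
 * success, returns 0 and leaves *out untouched on failure. A real CPython
 * converter would set a Python exception before returning 0. */
static int uint_converter(wide_t value, unsigned int *out, const char **err)
{
    if (value > UINT_MAX) {
        *err = "value too large for unsigned int";
        return 0;
    }
    *out = (unsigned int)value;
    *err = NULL;
    return 1;
}

int main(void)
{
    wide_t requested = (wide_t)UINT_MAX + 17;   /* constructed sample input */
    unsigned int size = 0;
    const char *err = NULL;

    printf("silent: library received %u\n", narrow_silently(requested));
    if (!uint_converter(requested, &size, &err))
        printf("checked: rejected (%s)\n", err);
    return 0;
}
```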