from:"Matt Robenolt"

[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly

2016-07-26 Thread Matt Robenolt


Matt Robenolt added the comment:

> Why do you need octal addresses? What is your use case? :-p

I didn't, but an attacker leveraged this to bypass security. We had checks 
against `127.0.0.1`, but this resolved to `177.0.0.1` incorrectly, bypassing 
the check. We were using `socket.gethostbyname` which yielded this.

See https://github.com/getsentry/sentry/pull/3787 for a little bit more context.

--

___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27612>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly

2016-07-25 Thread Matt Robenolt


Matt Robenolt added the comment:

Ah, I just confirmed broken behavior in macOS as well using `getaddrinfo()` in 
C.

I guess I'd be ok with python ignoring this as well. Maybe worth a change to 
documentation to note this?

--

___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27612>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly

2016-07-25 Thread Matt Robenolt


Matt Robenolt added the comment:

Is it worth investigating the different behavior then with `getaddrinfo` 
between platforms? As far as I know, that's the only method that works with 
both ipv6 and will tell you "here are all the IP addresses this resolves to".

--

___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27612>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly

2016-07-25 Thread Matt Robenolt


Matt Robenolt added the comment:

And lastly, it seems that `socket.gethostbyname_ex` _does_ work correctly on 
both platforms.

```
>>> socket.gethostbyname_ex('0177...0001')
('0177...0001', [], ['127.0.0.1'])
```

--

___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27612>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly

2016-07-25 Thread Matt Robenolt


Matt Robenolt added the comment:

Sorry, to add a data point, in C, `gethostbyname` also does the correct thing 
on macOS.

See:

```
#include 
#include 
#include 
#include 
#include 
#include 
#include 

int main(int argc, char *argv[]) {
int i;
struct hostent *lh = gethostbyname("0177...0001");
struct in_addr **addr_list;

if (lh) {
addr_list = (struct in_addr **)lh->h_addr_list;
for (i=0; addr_list[i] != NULL; i++) {
printf("%s", inet_ntoa(*addr_list[i]));
}
printf("\n");
} else {
herror("gethostbyname");
}

return 0;
}
```

So I'm not sure this is platform specific.

Either way, `socket.gethostbyname` is wrong on both linux and macOS. I'm a bit 
lost with what's going on here though, admittedly. :)

--

___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27612>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly

2016-07-25 Thread Matt Robenolt


New submission from Matt Robenolt:

This also affects socket.getaddrinfo on macOS only, but is fine on Linux. I've 
not tested on Windows to see behavior there.

Given the IP address `0177...0001`, which is a valid octal format 
representing `127.0.0.1`, we can see varying results. Confirmed in both python 
2.7 and 3.5.

First, socket.gethostbyname is always wrong, and always returns `177.0.0.1`:

```
>>> socket.gethostbyname('0177...0001')
'177.0.0.1'
```

This can be seen on both Linux and macOS.

With `socket.getaddrinfo`, resolution is correct on Linux, but the bad 
177.0.0.1 on macOS.

Linux:
```
>>> socket.getaddrinfo('0177...0001', None)[0]
(2, 1, 6, '', ('127.0.0.1', 0))
```

macOS:
```
>>> socket.getaddrinfo('0177...0001', None)[0]
(2, 2, 17, '', ('177.0.0.1', 0))
```

This behavior exists in both 2.7.12 and 3.5.2 at least. I haven't tested many 
others, but I assume pretty universal.

--
components: Library (Lib)
messages: 271237
nosy: mattrobenolt
priority: normal
severity: normal
status: open
title: socket.gethostbyname resolving octal IP addresses incorrectly
type: behavior
versions: Python 2.7, Python 3.5

___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27612>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly

[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly

[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly

[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly

[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly

[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly

6 matches

Site Navigation

Mail list logo

Footer information