[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly
Matt Robenolt added the comment: > Why do you need octal addresses? What is your use case? :-p I didn't, but an attacker leveraged this to bypass security. We had checks against `127.0.0.1`, but this resolved to `177.0.0.1` incorrectly, bypassing the check. We were using `socket.gethostbyname` which yielded this. See https://github.com/getsentry/sentry/pull/3787 for a little bit more context. -- ___ Python tracker <http://bugs.python.org/issue27612> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly
Matt Robenolt added the comment: Ah, I just confirmed broken behavior in macOS as well using `getaddrinfo()` in C. I guess I'd be ok with python ignoring this as well. Maybe worth a change to documentation to note this? -- ___ Python tracker <http://bugs.python.org/issue27612> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly
Matt Robenolt added the comment: Is it worth investigating the different behavior then with `getaddrinfo` between platforms? As far as I know, that's the only method that works with both ipv6 and will tell you "here are all the IP addresses this resolves to". -- ___ Python tracker <http://bugs.python.org/issue27612> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly
Matt Robenolt added the comment: And lastly, it seems that `socket.gethostbyname_ex` _does_ work correctly on both platforms. ``` >>> socket.gethostbyname_ex('0177...0001') ('0177...0001', [], ['127.0.0.1']) ``` -- ___ Python tracker <http://bugs.python.org/issue27612> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly
Matt Robenolt added the comment: Sorry, to add a data point, in C, `gethostbyname` also does the correct thing on macOS. See: ``` #include #include #include #include #include #include #include int main(int argc, char *argv[]) { int i; struct hostent *lh = gethostbyname("0177...0001"); struct in_addr **addr_list; if (lh) { addr_list = (struct in_addr **)lh->h_addr_list; for (i=0; addr_list[i] != NULL; i++) { printf("%s", inet_ntoa(*addr_list[i])); } printf("\n"); } else { herror("gethostbyname"); } return 0; } ``` So I'm not sure this is platform specific. Either way, `socket.gethostbyname` is wrong on both linux and macOS. I'm a bit lost with what's going on here though, admittedly. :) -- ___ Python tracker <http://bugs.python.org/issue27612> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly
New submission from Matt Robenolt: This also affects socket.getaddrinfo on macOS only, but is fine on Linux. I've not tested on Windows to see behavior there. Given the IP address `0177...0001`, which is a valid octal format representing `127.0.0.1`, we can see varying results. Confirmed in both python 2.7 and 3.5. First, socket.gethostbyname is always wrong, and always returns `177.0.0.1`: ``` >>> socket.gethostbyname('0177...0001') '177.0.0.1' ``` This can be seen on both Linux and macOS. With `socket.getaddrinfo`, resolution is correct on Linux, but the bad 177.0.0.1 on macOS. Linux: ``` >>> socket.getaddrinfo('0177...0001', None)[0] (2, 1, 6, '', ('127.0.0.1', 0)) ``` macOS: ``` >>> socket.getaddrinfo('0177...0001', None)[0] (2, 2, 17, '', ('177.0.0.1', 0)) ``` This behavior exists in both 2.7.12 and 3.5.2 at least. I haven't tested many others, but I assume pretty universal. -- components: Library (Lib) messages: 271237 nosy: mattrobenolt priority: normal severity: normal status: open title: socket.gethostbyname resolving octal IP addresses incorrectly type: behavior versions: Python 2.7, Python 3.5 ___ Python tracker <http://bugs.python.org/issue27612> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com