-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
is_valid_ip: Do not raise exceptions on too-long input. #3010
Conversation
Thanks for the contribution! This looks good to me, but I'd like to have a comment in the code explaining why UnicodeError might be thrown. I also think this may be a bug in the standard library - I don't think it should be trying to do the idna encoding if |
hmm yeah weird:
|
Yeah, I think I agree that this is really a python bug -- it looks like this was already filed as https://bugs.python.org/issue32958. Up to you if it's worth papering over in Tornado! Happy to fix this up with a longer comment pointing to the core Python bug if you're interested in taking it. |
I think this is a good change since the upstream fix will be rolled out slowly. As I said, it just needs a comment about what's going on, and perhaps a test case. |
is_valid_ip calls `socket.getaddrinfo` with `socket.AI_NUMERICHOST` on the potential "ip"; even though IP addresses are not hostnames and do not use the `idna` encoding, `socket.getaddrinfo` will raise UnicodeError if the potential "ip" is longer than 63 characters long, the RFC-mandated max hostname length. Catch these UnicodeErrors and return false for too-long IPs, rather than raising an exception.
I already had a simple test case (that too-long values don't raise, but return false) but I've added a comment, and fixed up the commit message to also point to the Python bug report. Happy to add more tests, but AFAICT this gives coverage of the relevant codepath. |
Thanks! |
Calling
socket.getaddrinfo
with a potential hostname attempts toencode the "hostname" with the
idna
encoding. Per RFC, each part ofthe hostname cannot be longer than 63 characters; and
getaddrinfo
enforces this by raising a UnicodeError if the length is too long.
Catch these UnicodeErrors and return false for too-long names, rather
than raising an exception.