It works (read: segfaults) only when compiled without
IPv6 support. Code to exploit this bug:
import socket
socket.inet_pton(socket.AF_INET6, '5aef:2b::8')
It segfaults because of this code from
Modules/socketmodule.c:
---
#ifdef ENABLE_IPV6
    char packed[MAX(sizeof(struct in_addr), sizeof(struct in6_addr))];
#else
    char packed[sizeof(struct in_addr)];
#endif
    if (!PyArg_ParseTuple(args, "is:inet_pton", &af, &ip)) {
        return NULL;
    }
    retval = inet_pton(af, ip, packed);
---
Because IPv6 is disabled, packed is defined this way:
    char packed[sizeof(struct in_addr)];
but we're still able to ask inet_pton() to convert some
IPv6 address because the socket.AF_INET6 constant is
available, but the packed buffer is too small to hold IPv6 data.
A simple patch:
#---------------------------------
--- ../../orig/Python-2.3/Modules/socketmodule.c
Thu Jul 17 18:58:48 2003
+++ socketmodule.c Fri Aug 1 22:13:30 2003
@@ -2962,6 +2962,14 @@
return NULL;
}
+#ifndef ENABLE_IPV6
+ if(af == AF_INET6) {
+ PyErr_SetString(socket_error,
+ "can't use AF_INET6, IPv6 is disabled");
+ return NULL;
+ }
+#endif
+
retval = inet_pton(af, ip, packed);
if (retval < 0) {
PyErr_SetFromErrno(socket_error);
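Review bot: the `if(af == AF_INET6)` test inside `#ifndef ENABLE_IPV6` uses AF_INET6 unconditionally, so the file would stop compiling on a platform whose headers do not define that constant; guarding with `#if !defined(ENABLE_IPV6) && defined(AF_INET6)` avoids that. The check also names one address family rather than the size of `packed`, so it only holds while AF_INET6 is the sole family that writes more than the buffer can take; comparing the length required for `af` against `sizeof(packed)` before the `inet_pton(af, ip, packed)` call would tie the guard to the actual hazard. Style: `if(` should be `if (` to match the `if (retval < 0)` line below.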
#----------------------------------
Sorry, if you know about this one already.
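The overflow described in the report, turned into a size-aware guard; this is an added example, not code from the report or from CPython. It generalizes the posted patch by checking the destination length for whatever family is requested, and the names checked_inet_pton, packed_len and demo_small_buffer are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Bytes inet_pton() writes for a family, or 0 if the family is not handled. */
static size_t packed_len(int af)
{
    switch (af) {
    case AF_INET:  return sizeof(struct in_addr);    /* 4 bytes */
#ifdef AF_INET6
    case AF_INET6: return sizeof(struct in6_addr);   /* 16 bytes */
#endif
    default:       return 0;
    }
}

/* Hypothetical wrapper: refuse the call when dst cannot hold the result.
 * Returns 1 on success, 0 for unparsable text, -1 with errno set on refusal. */
int checked_inet_pton(int af, const char *ip, void *dst, size_t dst_len)
{
    size_t need = packed_len(af);
    if (need == 0) { errno = EAFNOSUPPORT; return -1; }
    if (need > dst_len) { errno = ENOSPC; return -1; }
    return inet_pton(af, ip, dst);
}

/* Mimics the non-IPv6 build from the report: a 4-byte `packed` buffer asked
 * to receive an IPv6 address. The canary stands in for adjacent stack data. */
int demo_small_buffer(void)
{
    struct {
        char packed[sizeof(struct in_addr)];
        unsigned char canary[16];
    } frame;
    size_t i;
    int rc;

    memset(frame.canary, 0xA5, sizeof frame.canary);
    rc = checked_inet_pton(AF_INET6, "5aef:2b::8",
                           frame.packed, sizeof frame.packed);
    for (i = 0; i < sizeof frame.canary; i++)
        if (frame.canary[i] != 0xA5)
            return -2;              /* memory past `packed` was overwritten */
    return rc;                      /* -1: refused before any write */
}
```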