[issue27612] socket.gethostbyname resolving octal IP addresses incorrectly
Matt Robenolt
report at bugs.python.org
Tue Jul 26 09:30:08 EDT 2016
Matt Robenolt added the comment:
> Why do you need octal addresses? What is your use case? :-p
I didn't, but an attacker leveraged this to bypass security. We had checks against `127.0.0.1`, but this resolved to `177.0.0.1` incorrectly, bypassing the check. We were using `socket.gethostbyname` which yielded this.
See https://github.com/getsentry/sentry/pull/3787 for a little bit more context.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27612>
_______________________________________
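An added example, not part of the original message or of Sentry's code: a strict host check in Python that parses numeric hosts with BSD `inet_aton` rules (an assumption about how the connecting stack may read them), rejects any non-canonical literal such as the constructed `0177.0.0.1`, and classifies the canonical address. The names `parse_inet_aton` and `check_host` and the verdict strings are hypothetical, and the parser generalizes beyond the octal case to hex and short forms.

```python
import ipaddress

def _part(p):
    """One inet_aton component: 0x.. is hex, a leading 0 is octal, else decimal."""
    p = p.lower()
    if p.startswith("0x"):
        digits, base = p[2:], 16
    elif len(p) > 1 and p[0] == "0":
        digits, base = p[1:], 8
    else:
        digits, base = p, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits):
        return None
    return int(digits, base)

def parse_inet_aton(text):
    """Return the IPv4Address a liberal inet_aton-style parser would produce,
    or None if the text is not a numeric IPv4 literal."""
    parts = [_part(p) for p in text.split(".")]
    if not 1 <= len(parts) <= 4 or None in parts:
        return None
    *head, last = parts
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(v > 0xFF for v in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, v in enumerate(head):
        value |= v << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def check_host(host):
    """Fail-closed verdict for a user-supplied host before any connection."""
    addr = parse_inet_aton(host)
    if addr is None:
        # Hostname: resolve it, then run every returned address through this check.
        return "needs-dns"
    if str(addr) != host:
        # Octal, hex or short form: two parsers may disagree on it, so refuse it.
        return "reject-noncanonical"
    if addr.is_loopback or addr.is_private or addr.is_link_local:
        return "reject-internal"
    return "allow"

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["0177.0.0.1", "127.0.0.1", "177.0.0.1", "example.com"]:
        print(sample, "->", parse_inet_aton(sample), check_host(sample))
```

Refusing non-canonical literals outright means the check never depends on whether the resolver and the HTTP client agree on how to read a leading zero.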