forked from python/cpython
[CVE-2024-4032] Fix "private" (non-global) IP address ranges
The _private_networks variables, used by various is_private implementations, were missing some ranges and at the same time had overly strict ranges (where there are more specific ranges considered globally reachable by the IANA registries). This patch updates the ranges with what was missing or otherwise incorrect.

100.64.0.0/10 is left alone, for now, as it's been made special in (gh#python#61602).

The _address_exclude_many() call returns 8 networks for IPv4, 121 networks for IPv6. For 0.0.0.0/0, both 0.0.0.0 and 255.225.255.255 are private, but one is in 0.0.0.0/8 ("This network") and the other in 255.255.255.255/32 ("Limited broadcast").

Add IPv6 addresses to suspignore.csv

That's a lot of semicolons!

Fixes: gh#python#113171
Fixes: bsc#1226448 (CVE-2024-4032)
From-PR: gh#python/cpython!113179
From-PR: gh#python/cpython!113186
From-PR: gh#python/cpython!118177
Co-authored-by: Jakub Stasiak <jakub@stasiak.at>
Patch: CVE-2024-4032-private-IP-addrs.patch
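The exclusion step the commit message describes (carving the globally reachable remainder out of 0.0.0.0/0 by removing each private block), as an added Python example that is not part of this commit or of CPython: `address_exclude_many` is a hypothetical helper built only on the stdlib's public `address_exclude()`, and the two-block sample list is constructed from the addresses the message names, not the full `_private_networks` table.

```python
import ipaddress
from typing import Iterable, List, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def address_exclude_many(network: IPNetwork, excluded: Iterable[IPNetwork]) -> List[IPNetwork]:
    """Return the pieces of `network` left after removing every block in `excluded`.

    Hypothetical helper modelled on the _address_exclude_many() named in the commit
    message; CIDR blocks either nest or are disjoint, so each excluded block is
    either dropped with its chunk, split out of its chunk, or ignored.
    """
    remaining: List[IPNetwork] = [network]
    for ex in excluded:
        if ex.version != network.version:
            raise ValueError(f"{ex} is not IPv{network.version}")
        next_remaining: List[IPNetwork] = []
        for chunk in remaining:
            if chunk.subnet_of(ex):
                continue                      # chunk fully covered (or equal): drop it
            if ex.subnet_of(chunk):
                # ex lies strictly inside chunk: keep the siblings around it
                next_remaining.extend(chunk.address_exclude(ex))
            else:
                next_remaining.append(chunk)  # disjoint: untouched
        remaining = next_remaining
    return sorted(remaining)


# Constructed sample: the two special-purpose blocks the commit message names
# ("This network" and "Limited broadcast"), standing in for the full private table.
SAMPLE_PRIVATE = [
    ipaddress.IPv4Network("0.0.0.0/8"),
    ipaddress.IPv4Network("255.255.255.255/32"),
]


def public_remainder() -> List[ipaddress.IPv4Network]:
    """Everything in 0.0.0.0/0 that the sample private list does not cover."""
    return address_exclude_many(ipaddress.IPv4Network("0.0.0.0/0"), SAMPLE_PRIVATE)


def covered_by(address: str, networks: Iterable[IPNetwork]) -> bool:
    """True when `address` falls inside any of `networks`."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in networks)


if __name__ == "__main__":
    for net in public_remainder():
        print(net)
```

Because 0.0.0.0/8 splits 0.0.0.0/0 into 8 siblings and 255.255.255.255/32 splits 128.0.0.0/1 into 31, the remainder is 38 networks covering every address except the 2^24 + 1 excluded ones.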
Showing 5 changed files with 186 additions and 21 deletions.
Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst (9 additions & 0 deletions)
@@ -0,0 +1,9 @@ | ||
Fixed various false positives and false negatives in | ||
|
||
* :attr:`ipaddress.IPv4Address.is_private` (see these docs for details) | ||
* :attr:`ipaddress.IPv4Address.is_global` | ||
* :attr:`ipaddress.IPv6Address.is_private` | ||
* :attr:`ipaddress.IPv6Address.is_global` | ||
|
||
Also in the corresponding :class:`ipaddress.IPv4Network` and :class:`ipaddress.IPv6Network` | ||
attributes. |
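Review bot: the first bullet, `:attr:\`ipaddress.IPv4Address.is_private\` (see these docs for details)`, points at "these docs" without naming or linking any document, so a reader of the changelog cannot follow it; either reference the relevant ipaddress documentation section explicitly or drop the parenthetical so the entry stands on its own. The closing line "Also in the corresponding :class:`ipaddress.IPv4Network` and :class:`ipaddress.IPv6Network` attributes." is a sentence fragment; something like "The same fixes apply to the corresponding ... attributes." reads as a complete statement. Since the commit message ties this change to CVE-2024-4032, consider naming the CVE in the entry as well so downstream packagers can locate it from the NEWS file alone.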