From: Ben Darnell <ben@bendarnell.com>
Date: Sun, 25 Aug 2013 02:06:00 +0000 (-0400)
Subject: Check for empty strings and zero bytes in is_valid_ip.
X-Git-Tag: v3.2.0b1~88
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f4ad3b778b31f88db1a5824429a5ac27a262799d;p=thirdparty%2Ftornado.git

Check for empty strings and zero bytes in is_valid_ip.

Closes #893.
---

diff --git a/tornado/netutil.py b/tornado/netutil.py
index 370371804..9dc8506eb 100644
--- a/tornado/netutil.py
+++ b/tornado/netutil.py
@@ -159,6 +159,10 @@ def is_valid_ip(ip):
 
     Supports IPv4 and IPv6.
     """
+    if not ip or '\x00' in ip:
+        # getaddrinfo resolves empty strings to localhost, and truncates
+        # on zero bytes.
+        return False
     try:
         res = socket.getaddrinfo(ip, 0, socket.AF_UNSPEC,
                                  socket.SOCK_STREAM,
diff --git a/tornado/test/netutil_test.py b/tornado/test/netutil_test.py
index cf587bcbd..c47e58fa3 100644
--- a/tornado/test/netutil_test.py
+++ b/tornado/test/netutil_test.py
@@ -82,3 +82,7 @@ class IsValidIPTest(unittest.TestCase):
         self.assertTrue(not is_valid_ip('localhost'))
         self.assertTrue(not is_valid_ip('4.4.4.4<'))
         self.assertTrue(not is_valid_ip(' 127.0.0.1'))
+        self.assertTrue(not is_valid_ip(''))
+        self.assertTrue(not is_valid_ip(' '))
+        self.assertTrue(not is_valid_ip('\n'))
+        self.assertTrue(not is_valid_ip('\x00'))