diff options
| author | Russell Keith-Magee <russell@keith-magee.com> | 2011-01-24 08:02:40 +0000 |
|---|---|---|
| committer | Russell Keith-Magee <russell@keith-magee.com> | 2011-01-24 08:02:40 +0000 |
| commit | d053624aa8534c984e07d4d8d2ee867de013e2ec (patch) | |
| tree | 9a9c4b52f913ddf2f16ce7cf63952b6ed0726393 /django/utils | |
| parent | 10b2441381592a17beb7c02725d8cb1fd62d6e0e (diff) | |
Fixed #15067 -- Modified the range checks on base36_to_int so you are guaranteed to always get an int, avoiding possible OverflowErrors. Thanks to Garthex for the report, jboutros for the patch, and kfrazier for the feedback.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15288 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django/utils')
| -rw-r--r-- | django/utils/http.py | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/django/utils/http.py b/django/utils/http.py index e18d8dd29c..1384b4294c 100644 --- a/django/utils/http.py +++ b/django/utils/http.py @@ -1,4 +1,5 @@ import re +import sys import urllib from email.Utils import formatdate @@ -73,14 +74,19 @@ def http_date(epoch_seconds=None): def base36_to_int(s): """ - Converts a base 36 string to an ``int``. To prevent - overconsumption of server resources, raises ``ValueError` if the - input is longer than 13 base36 digits (13 digits is sufficient to - base36-encode any 64-bit integer). + Converts a base 36 string to an ``int``. Raises ``ValueError` if the + input won't fit into an int. """ + # To prevent overconsumption of server resources, reject any + # base36 string that is long than 13 base36 digits (13 digits + # is sufficient to base36-encode any 64-bit integer) if len(s) > 13: raise ValueError("Base36 input too large") - return int(s, 36) + value = int(s, 36) + # ... then do a final check that the value will fit into an int. + if value > sys.maxint: + raise ValueError("Base36 input too large") + return value def int_to_base36(i): """ |
