
Commit d947f80

committed
Merge pull request pmarti#19 from mikaelhg/master
Replace un-sanitized range calls with xrange calls, to neutralize a potential attack vector
2 parents 253ac51 + 5af5ffb commit d947f80

2 files changed

+6
-6
lines changed


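--- a/messaging/mms/mms_pdu.py
+++ b/messaging/mms/mms_pdu.py
@@ -175,14 +175,14 @@ def decode_message_body(self, data_iter):
 # <length of data>,
 # <content-type + other possible headers>,
 # <data>
-for part_num in range(num_entries):
+for part_num in xrange(num_entries):
 #print '\nPart %d:\n------' % part_num
 headers_len = self.decode_uint_var(data_iter)
 data_len = self.decode_uint_var(data_iter)
 
 # Prepare to read content-type + other possible headers
 ct_field_bytes = []
-for i in range(headers_len):
+for i in xrange(headers_len):
 ct_field_bytes.append(data_iter.next())
 
 ct_iter = PreviewIterator(ct_field_bytes)
@@ -201,7 +201,7 @@ def decode_message_body(self, data_iter):
 
 # Data (note: this is not null-terminated)
 data = array.array('B')
-for i in range(data_len):
+for i in xrange(data_len):
 data.append(data_iter.next())
 
 part = message.DataPart()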
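Review bot: `headers_len` and `data_len` are still taken straight from `decode_uint_var(data_iter)` and used as loop bounds with no upper limit, so `xrange` removes the up-front list allocation but not the trust in the length fields; the same applies to `num_entries` at line 178 and to `value_length` in decode_content_general_form in wsp_pdu.py. On Python 2 `xrange` raises OverflowError for a value that does not fit a C long, and a part shorter than its declared length ends in whatever `data_iter.next()` raises on exhaustion (presumably StopIteration); neither is visibly turned into a decode error here. I would document this above the loops, e.g. `# data_len comes from the PDU and is untrusted; validate before looping`, and reject a length larger than the remaining data if the iterator can report it. decode_message_body starts and ends outside both hunks, so any handling further down is not visible.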

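--- a/messaging/mms/wsp_pdu.py
+++ b/messaging/mms/wsp_pdu.py
@@ -447,7 +447,7 @@ def decode_long_integer(byte_iter):
 
 longInt = 0
 # Decode the Multi-octect-integer
-for i in range(shortLength):
+for i in xrange(shortLength):
 longInt = longInt << 8
 longInt |= byte_iter.next()
 
@@ -843,7 +843,7 @@ def decode_content_general_form(byte_iter):
 
 # Read parameters, etc, until <value_length> is reached
 ct_field_bytes = array.array('B')
-for i in range(value_length):
+for i in xrange(value_length):
 ct_field_bytes.append(byte_iter.next())
 
 ct_iter = PreviewIterator(ct_field_bytes)
@@ -1319,7 +1319,7 @@ def decode_well_known_header(byte_iter):
 hdr_fields = get_header_field_names()
 # TODO: *technically* this can fail, but then we have already
 # read a byte... should fix?
-if field_value not in range(len(hdr_fields)):
+if field_value not in xrange(len(hdr_fields)):
 raise DecodeError('Invalid Header Field value: %d' % field_value)
 
 field_name = hdr_fields[field_value]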
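Review bot: The membership test at line 1322, `field_value not in xrange(len(hdr_fields))`, no longer builds a list but on Python 2 still walks the xrange element by element, and it hides what is really a bounds check on a value read from the message. A direct comparison says that and costs one step: `if not 0 <= field_value < len(hdr_fields):`. The TODO above it about the byte already being consumed is untouched by this commit and is still open. decode_well_known_header continues outside the hunk.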
