make-secnet-sites: Tainted: Fix a lot of bad return values
author Ian Jackson <ijackson@chiark.greenend.org.uk>
Fri, 8 Nov 2019 21:18:05 +0000 (21:18 +0000)
committer Ian Jackson <ijackson@chiark.greenend.org.uk>
Mon, 30 Dec 2019 13:15:49 +0000 (13:15 +0000)
This code had remnants of a previously intended calling convention,
where object return chaining would be used.

Unfortunately in the currently used calling style, we expect to get a
boolean back everywhere, where true means `ok'.  Returning `self' is
always treated as `ok' because it's trueish.

Luckily this doesn't cause actual security bugs because we always
return from all of the top-level entrypoints via ._rtn[val] which
checks the ._ok setting, which does properly track problems.  So we
fail an assertion rather than printing a nice message.  This is not
pretty but it is not a vulnerability.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
make-secnet-sites

index c26cab0922e3f308f30c2dbff637150be59a3b33..b4cd9afb80ac404c03b6f3575718cbf0863e3005 100755 (executable)
@@ -105,19 +105,19 @@ class Tainted:
                assert(self._ok is not True)
                self._ok=False
                complain('bad parameter: %s: %s' % (what, why))
                assert(self._ok is not True)
                self._ok=False
                complain('bad parameter: %s: %s' % (what, why))
-               return self
+               return False
 
        def _max_ok(self,what,maxlen):
                if len(self._s) > maxlen:
 
        def _max_ok(self,what,maxlen):
                if len(self._s) > maxlen:
-                       self._bad(what,'too long (max %d)' % maxlen)
-               return self
+                       return self._bad(what,'too long (max %d)' % maxlen)
+               return True
 
        def _re_ok(self,bad,what,maxlen=None):
                if maxlen is None: maxlen=max[what]
                self._max_ok(what,maxlen)
 
        def _re_ok(self,bad,what,maxlen=None):
                if maxlen is None: maxlen=max[what]
                self._max_ok(what,maxlen)
-               if self._ok is False: return self
+               if self._ok is False: return False
                if bad.search(self._s): return self._bad(what,'bad syntax')
                if bad.search(self._s): return self._bad(what,'bad syntax')
-               return self
+               return True
 
        def _rtnval(self, is_ok, ifgood, ifbad=''):
                if is_ok:
 
        def _rtnval(self, is_ok, ifgood, ifbad=''):
                if is_ok:
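Review bot: in _re_ok the result of `self._max_ok(what,maxlen)` is still discarded, and the next line recovers the failure indirectly through `if self._ok is False: return False`. Now that _max_ok returns a boolean, consider checking it directly, for example `if not self._max_ok(what,maxlen): return False`, and keep the `self._ok` test only if a failure recorded before this call is also meant to short-circuit here. Since the commit message attributes the bug to a leftover calling convention, a short comment or docstring on the class stating that _bad, _max_ok and _re_ok return a boolean where True means ok (and never `self`) would make a regression easier to spot. The first `assert(self._ok is not True)` in _bad is the only thing that catches a caller reusing an already-approved value, so it is worth saying in that same comment that it is a deliberate check.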