Limit length of IP address string to 39

sethmlarson · sethmlarson · commit e1e69174a279 · 2025-01-15T10:49:49.000-06:00
diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py
@@ -1660,6 +1660,9 @@ def _ip_int_from_string(cls, ip_str):
         """
         if not ip_str:
             raise AddressValueError('Address cannot be empty')
+        if len(ip_str) > 39:
+            msg = "At most 39 characters expected in %r" % (ip_str,)
+            raise AddressValueError(msg)
 
         # We want to allow more parts than the max to be 'split'
         # to preserve the correct error message when there are
diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py
@@ -396,8 +396,17 @@ def assertBadSplit(addr):
         assertBadSplit("8:7:6:5:4:3:2:1::%scope")
         # A trailing IPv4 address is two parts
         assertBadSplit("10:9:8:7:6:5:4:3:42.42.42.42%scope")
+
+    def test_bad_address_split_v6_too_long(self):
+        def assertBadSplit(addr):
+            msg = "At most 39 characters expected in %r"
+            with self.assertAddressError(msg, addr.split('%')[0]):
+                ipaddress.IPv6Address(addr)
+
         # Long IPv6 address
-        assertBadSplit(("0:" * 10000) + "0")
+        long_addr = ("0:" * 10000) + "0"
+        assertBadSplit(long_addr)
+        assertBadSplit(long_addr + "%zoneid")
 
     def test_bad_address_split_v6_too_many_parts(self):
         def assertBadSplit(addr):
diff --git a/Misc/NEWS.d/next/Security/2025-01-14-11-19-07.gh-issue-128840.M1doZW.rst b/Misc/NEWS.d/next/Security/2025-01-14-11-19-07.gh-issue-128840.M1doZW.rst
@@ -1,3 +1,2 @@
-Limit the number of splitting on colons (``:``) that will occur while parsing
-an IPv6 address. This prevents excessive memory consumption and potential
-denial-of-service when parsing a large IPv6 address.
+Short-circuit the processing of long IPv6 addresses early to prevent excessive
+memory consumption and a minor denial-of-service.
