Converting hex string to an integer

Discussion in 'Python' started by Derek Fountain, Aug 26, 2004.

  1. Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
    convert that to an integer which I can do some math on?
    Derek Fountain, Aug 26, 2004
    #1

  2. On 26-08-2004, Derek Fountain <> wrote:
    > Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
    > convert that to an integer which I can do some math on?


    >>> s = "0x00A1B2C3"
    >>> int(s, 16)
    10597059


    --
    Alexandre Fayolle LOGILAB, Paris (France).
    http://www.logilab.com http://www.logilab.fr http://www.logilab.org
    Alexandre Fayolle, Aug 26, 2004
    #2

  3. Derek Fountain wrote:

    > Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
    > convert that to an integer which I can do some math on?


    i = eval(sys.argv[1])
    Rick Holbert, Aug 26, 2004
    #3
  4. Rick Holbert wrote:
    > Derek Fountain wrote:
    >>Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
    >>convert that to an integer which I can do some math on?

    >
    > i = eval(sys.argv[1])


    That's dangerous advice to a newbie if not qualified carefully.

    Derek, "eval" could be the source of serious security problems
    if you don't understand its power. Specifically it should
    almost never be used for input that comes from a user or
    via the command line. There is pretty much always another
    and much better way to do the simple stuff like conversions
    than to use eval.

    For example, imagine if a malicious user could feed your program this:

    (on the Linux command line)

    $ myscript "__import_('os').system('rm -rf /')"

    or the Windows version:

    C:\> myscript "__import_('os').system('deltree /y c:\*.*')"

    Bye-bye filesystem... (don't run these examples!)

    -Peter
    Peter Hansen, Aug 26, 2004
    #4
  5. Peter Hansen wrote:
    > Rick Holbert wrote:
    >
    >> Derek Fountain wrote:
    >>
    >>> Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
    >>> convert that to an integer which I can do some math on?

    >>
    >> i = eval(sys.argv[1])

    >
    > That's dangerous advice to a newbie if not qualified carefully.
    >
    > Derek, "eval" could be the source of serious security problems
    > if you don't understand its power.


    Yes, eval() is risky! Try to get rid of eval() or you MUST protect each and
    every call to eval() with paranoid parameter checking!

    int(sys.argv[1],16) would be a better approach here...

    >>> int("0x00A1B2C3",16)
    10597059
    >>> int("__import_('os').system('rm -rf /')",16)
    Traceback (most recent call last):
      File "<stdin>", line 1, in ?
    ValueError: invalid literal for int(): __import_('os').system('rm -rf /')
    >>>


    Ciao, Michael.
    Michael Ströder, Aug 26, 2004
    #5
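The "paranoid parameter checking" and `int(..., 16)` advice above, worked through as an added example that is not part of any poster's message: it checks the shape of the argument before converting it, and uses `ast.literal_eval` where a general literal is needed instead of `eval()`. The function names, the 32-bit width limit and the sample inputs are assumptions made for illustration.

```python
import ast
import re
import sys

# Strict form: "0x"/"0X" prefix, then 1-8 ASCII hex digits (fits in 32 bits).
# The 8-digit limit is an assumption based on the thread's "0x00A1B2C3".
_HEX32 = re.compile(r"0[xX][0-9a-fA-F]{1,8}")


def parse_hex_arg(text):
    """Convert an untrusted hex string to an int without evaluating it."""
    # int(text, 16) alone also accepts surrounding whitespace, a sign,
    # underscores ("0xA1_B2") and non-ASCII digits, so check the shape first.
    if not _HEX32.fullmatch(text):
        raise ValueError("not a 32-bit hex literal: %r" % text[:40])
    return int(text, 16)


def parse_literal(text):
    """Integer literal in any Python notation; literals only, no calls."""
    value = ast.literal_eval(text)  # ValueError/SyntaxError on non-literals
    if type(value) is not int:      # also rejects bool, str, tuple, ...
        raise ValueError("expected an integer literal")
    return value


def is_rejected(parser, text):
    """True if the parser refuses the input instead of returning a value."""
    try:
        parser(text)
    except (ValueError, SyntaxError):
        return True
    return False


# Constructed sample inputs: the thread's value, a harmless expression that
# eval() would execute, and forms that plain int(text, 16) would accept.
SAMPLES = ["0x00A1B2C3", "__import__('os').getcwd()",
           " 0x1F ", "-0x1F", "0xA1_B2", "0x1FFFFFFFF"]

if __name__ == "__main__":
    for arg in sys.argv[1:] or SAMPLES:
        if is_rejected(parse_hex_arg, arg):
            print("rejected: %r" % arg)
        else:
            print("%r -> %d" % (arg, parse_hex_arg(arg)))
```
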
  6. Peter Hansen <> writes:

    > Rick Holbert wrote:
    > > Derek Fountain wrote:
    > >>Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
    > >>convert that to an integer which I can do some math on?

    > > i = eval(sys.argv[1])

    >
    > That's dangerous advice to a newbie if not qualified carefully.
    >
    > Derek, "eval" could be the source of serious security problems
    > if you don't understand its power. Specifically it should
    > almost never be used for input that comes from a user or
    > via the command line. There is pretty much always another
    > and much better way to do the simple stuff like conversions
    > than to use eval.
    >
    > For example, imagine if a malicious could feed your program this:
    >
    > (on the Linux command line)
    >
    > $ myscript "__import_('os').system('rm -rf /')"


    Well, in this situation, he could just type

    $ rm -rf /

    But, yes.

    Cheers,
    mwh

    --
    I'm not particularly fond of singing GSTQ because she stands for
    some things I don't, but it's not really worth letting politics
    getting in the way of a good bawling. -- Dan Sheppard, ucam.chat
    Michael Hudson, Aug 27, 2004
    #6
  7. Michael Hudson wrote:

    > Peter Hansen <> writes:
    >
    >
    >>Rick Holbert wrote:
    >>
    >>>Derek Fountain wrote:
    >>>
    >>>>Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
    >>>>convert that to an integer which I can do some math on?
    >>>
    >>>i = eval(sys.argv[1])

    >>
    >>That's dangerous advice to a newbie if not qualified carefully.
    >>
    >>Derek, "eval" could be the source of serious security problems
    >>if you don't understand its power. Specifically it should
    >>almost never be used for input that comes from a user or
    >>via the command line. There is pretty much always another
    >>and much better way to do the simple stuff like conversions
    >>than to use eval.
    >>
    >>For example, imagine if a malicious could feed your program this:
    >>
    >>(on the Linux command line)
    >>
    >> $ myscript "__import_('os').system('rm -rf /')"

    >
    > Well, in this situation, he could just type
    >
    > $ rm -rf /
    >
    > But, yes.


    He could if he were on the same system, but it's quite possible
    that sys.argv[1] in this particular program is actually coming
    from a remote system in some manner (web?). But, yes. :)

    -Peter
    Peter Hansen, Aug 29, 2004
    #7