Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Converting hex string to an integer

Reply
Thread Tools

Converting hex string to an integer

 
 
Derek Fountain
Guest
Posts: n/a
 
      08-26-2004
Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
convert that to an integer which I can do some math on?
 
Reply With Quote
 
 
 
 
Alexandre Fayolle
Guest
Posts: n/a
 
      08-26-2004
Le 26-08-2004, Derek Fountain <(E-Mail Removed)> a écrit*:
> Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
> convert that to an integer which I can do some math on?


>>> s = "0x00A1B2C3"
>>> int(s, 16)

10597059


--
Alexandre Fayolle LOGILAB, Paris (France).
http://www.logilab.com http://www.logilab.fr http://www.logilab.org
 
Reply With Quote
 
 
 
 
Rick Holbert
Guest
Posts: n/a
 
      08-26-2004
Derek Fountain wrote:

> Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
> convert that to an integer which I can do some math on?


i = eval(sys.argv[1])

 
Reply With Quote
 
Peter Hansen
Guest
Posts: n/a
 
      08-26-2004
Rick Holbert wrote:
> Derek Fountain wrote:
>>Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
>>convert that to an integer which I can do some math on?

>
> i = eval(sys.argv[1])


That's dangerous advice to a newbie if not qualified carefully.

Derek, "eval" could be the source of serious security problems
if you don't understand its power. Specifically it should
almost never be used for input that comes from a user or
via the command line. There is pretty much always another
and much better way to do the simple stuff like conversions
than to use eval.

For example, imagine if a malicious could feed your program this:

(on the Linux command line)

$ myscript "__import_('os').system('rm -rf /')"

or the Windows version:

C:\> myscript "__import_('os').system('deltree /y c:\*.*')"

Bye-bye filesystem... (don't run these examples!)

-Peter
 
Reply With Quote
 
=?ISO-8859-1?Q?Michael_Str=F6der?=
Guest
Posts: n/a
 
      08-26-2004
Peter Hansen wrote:
> Rick Holbert wrote:
>
>> Derek Fountain wrote:
>>
>>> Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
>>> convert that to an integer which I can do some math on?

>>
>> i = eval(sys.argv[1])

>
> That's dangerous advice to a newbie if not qualified carefully.
>
> Derek, "eval" could be the source of serious security problems
> if you don't understand its power.


Yes, eval() is risky! Try to get rid of eval() or you MUST protect each and
every call to eval() with paranoid parameter checking!

int(sys.argv[1],16) would be a better approach here...

>>> int("0x00A1B2C3",16)

10597059
>>> int("__import_('os').system('rm -rf /')",16)

Traceback (most recent call last):
File "<stdin>", line 1, in ?
ValueError: invalid literal for int(): __import_('os').system('rm -rf /')
>>>


Ciao, Michael.
 
Reply With Quote
 
Michael Hudson
Guest
Posts: n/a
 
      08-27-2004
Peter Hansen <(E-Mail Removed)> writes:

> Rick Holbert wrote:
> > Derek Fountain wrote:
> >>Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
> >>convert that to an integer which I can do some math on?

> > i = eval(sys.argv[1])

>
> That's dangerous advice to a newbie if not qualified carefully.
>
> Derek, "eval" could be the source of serious security problems
> if you don't understand its power. Specifically it should
> almost never be used for input that comes from a user or
> via the command line. There is pretty much always another
> and much better way to do the simple stuff like conversions
> than to use eval.
>
> For example, imagine if a malicious could feed your program this:
>
> (on the Linux command line)
>
> $ myscript "__import_('os').system('rm -rf /')"


Well, in this situation, he could just type

$ rm -rf /

But, yes.

Cheers,
mwh

--
I'm not particularly fond of singing GSTQ because she stands for
some things I don't, but it's not really worth letting politics
getting in the way of a good bawling. -- Dan Sheppard, ucam.chat
 
Reply With Quote
 
Peter Hansen
Guest
Posts: n/a
 
      08-29-2004
Michael Hudson wrote:

> Peter Hansen <(E-Mail Removed)> writes:
>
>
>>Rick Holbert wrote:
>>
>>>Derek Fountain wrote:
>>>
>>>>Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
>>>>convert that to an integer which I can do some math on?
>>>
>>>i = eval(sys.argv[1])

>>
>>That's dangerous advice to a newbie if not qualified carefully.
>>
>>Derek, "eval" could be the source of serious security problems
>>if you don't understand its power. Specifically it should
>>almost never be used for input that comes from a user or
>>via the command line. There is pretty much always another
>>and much better way to do the simple stuff like conversions
>>than to use eval.
>>
>>For example, imagine if a malicious could feed your program this:
>>
>>(on the Linux command line)
>>
>> $ myscript "__import_('os').system('rm -rf /')"

>
> Well, in this situation, he could just type
>
> $ rm -rf /
>
> But, yes.


He could if he were on the same system, but it's quite possible
that sys.argv[1] in this particular program is actually coming
from a remote system in some manner (web?). But, yes.

-Peter
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Converting Char Array with hex values into 32-bit integer Martin Kleiner C Programming 12 02-12-2009 03:21 AM
Converting 2bit hex representation to integer ? Madhusudan Singh Python 6 10-21-2005 01:50 PM
Converting 2bit hex representation to integer ? Madhusudan Singh Python 1 10-19-2005 10:05 PM
Hex Color Codes - Hex 6 <=> Hex 3 lucanos@gmail.com HTML 10 08-18-2005 11:21 PM
hex(-5) => Futurewarning: ugh, can't we have a better hex than '-'[:n<0]+hex(abs(n)) ?? Bengt Richter Python 6 08-19-2003 07:33 AM



Advertisments