bpo-41471: Ignore invalid prefix lengths in system proxy settings on macOS (GH-22762) (GH-22773)

(cherry picked from commit 93a1ccabde)

Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com>

Lib/test/test_urllib2.py

@@ -1447,6 +1447,18 @@ def test_osx_proxy_bypass(self):
         bypass = {'exclude_simple': True, 'exceptions': []}
         self.assertTrue(_proxy_bypass_macosx_sysconf('test', bypass))
 
+        # Check that invalid prefix lengths are ignored
+        bypass = {
+            'exclude_simple': False,
+            'exceptions': [ '10.0.0.0/40', '172.19.10.0/24' ]
+        }
+        host = '172.19.10.5'
+        self.assertTrue(_proxy_bypass_macosx_sysconf(host, bypass),
+                        'expected bypass of %s to be True' % host)
+        host = '10.0.1.5'
+        self.assertFalse(_proxy_bypass_macosx_sysconf(host, bypass),
+                        'expected bypass of %s to be False' % host)
+
     def check_basic_auth(self, headers, realm):
         with self.subTest(realm=realm, headers=headers):
             opener = OpenerDirector()

Lib/urllib/request.py

@@ -2596,6 +2596,11 @@ def ip2num(ipAddr):
                 mask = 8 * (m.group(1).count('.') + 1)
             else:
                 mask = int(mask[1:])
+
+            if mask < 0 or mask > 32:
+                # System libraries ignore invalid prefix lengths
+                continue
+
             mask = 32 - mask
 
             if (hostIP >> mask) == (base >> mask):

Misc/NEWS.d/next/macOS/2020-10-19-12-25-19.bpo-41471.gwA7un.rst

@@ -0,0 +1 @@
+Ignore invalid prefix lengths in system proxy excludes.