Issue 4967: Bugs in _ssl object read() when a buffer is specified (original) (raw)

Created on 2009-01-17 02:36 by pitrou, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
ssl-readbuffer.patch pitrou,2009-01-17 02:36
Messages (7)
msg79996 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2009-01-17 02:36
The read() method on ssl objects can take a buffer as a parameter, but the method is buggy in this case: - it only accepts bytearrays, while it should accept any object supporting the buffer protocol in write mode - when the object is not a bytearray, it returns NULL without setting the current exception - since it doesn't attempt to get a buffer export from the object, there is no protection and the buffer could be resized while the method releases the GIL, leading to a likely crash This patch solves all three issues. Note that I'm not able to write an unit test for it, because test_ssl.py is too high-level (it looks more like functional tests than unit tests). Also, the only reason I discovered this is that it made some tests fail on the io-in-C branch (which uses readinto() a lot). I'm a complete SSL newbie.
msg82119 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2009-02-14 21:10
Bumping to critical since the io-c branch won't be merged before this is solved.
msg82927 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2009-02-28 17:24
I'm no ssl expert either, but the patch looks fine to me.
msg82939 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2009-02-28 19:07
Applied the patch to py3k in r70072. Do you have a trunk backport?
msg82943 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2009-02-28 19:33
No, and since I don't how to test it out of running the io-c branch on test_ssl and test_poplib, I'd recommend not backporting it unless an SSL expert takes a look.
msg82944 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2009-02-28 19:35
Ok, will leave as is.
msg94325 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2009-10-21 21:11
Ok, there is nothing to backport since the trunk version doesn't handle bytearrays in the first place!
History
Date User Action Args
2022-04-11 14:56:44 admin set github: 49217
2009-10-21 21:11:07 pitrou set status: open -> closedresolution: fixedmessages: + stage: patch review -> resolved
2009-02-28 19:35:24 benjamin.peterson set messages: + versions: - Python 3.0, Python 3.1
2009-02-28 19:33:38 pitrou set messages: +
2009-02-28 19:07:41 benjamin.peterson set messages: +
2009-02-28 17:24:07 benjamin.peterson set nosy: + benjamin.petersonmessages: +
2009-02-14 21:10:09 pitrou set priority: normal -> criticalmessages: +
2009-02-14 21:09:33 pitrou link issue4565 dependencies
2009-01-17 14:47:58 giampaolo.rodola set nosy: + giampaolo.rodola
2009-01-17 02:36:51 pitrou create