cpython: a00842b783cf (original) (raw)

Mercurial > cpython

changeset 88212:a00842b783cf 3.3

Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data. [#19422]

Antoine Pitrou solipsis@pitrou.net
date	Sat, 28 Dec 2013 17:26:33 +0100
parents	100f632d4306
children	f7dc02e6987a a43e96695203
files	Doc/library/ssl.rst Lib/ssl.py Lib/test/test_ssl.py Misc/NEWS
diffstat	4 files changed, 34 insertions(+), 8 deletions(-)[+] [-] Doc/library/ssl.rst 22 Lib/ssl.py 5 Lib/test/test_ssl.py 12 Misc/NEWS 3

line wrap: on

line diff

--- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -141,13 +141,16 @@ instead. Takes an instance sock of :class:socket.socket, and returns an instance of :class:ssl.SSLSocket, a subtype of :class:socket.socket, which wraps

the underlying socket in an SSL context. For client-side sockets, the
context construction is lazy; if the underlying socket isn't connected yet,
the context construction will be performed after :meth:connect is called on
the socket. For server-side sockets, if the socket has no remote peer, it is
assumed to be a listening socket, and the server-side SSL wrapping is
automatically performed on client connections accepted via the :meth:accept
method. :func:wrap_socket may raise :exc:SSLError.

the underlying socket in an SSL context. sock must be a
:data:~socket.SOCK_STREAM socket; other socket types are unsupported. +
For client-side sockets, the context construction is lazy; if the
underlying socket isn't connected yet, the context construction will be
performed after :meth:connect is called on the socket. For
server-side sockets, if the socket has no remote peer, it is assumed
to be a listening socket, and the server-side SSL wrapping is
automatically performed on client connections accepted via the
:meth:accept method. :func:wrap_socket may raise :exc:SSLError. The keyfile and certfile parameters specify optional files which contain a certificate to be used to identify the local side of the @@ -836,7 +839,10 @@ to speed up repeated connections from th server_hostname=None) Wrap an existing Python socket sock and return an :class:SSLSocket

object. The SSL socket is tied to the context, its settings and

object. sock must be a :data:~socket.SOCK_STREAM socket; other socket
types are unsupported. +
The returned SSL socket is tied to the context, its settings and certificates. The parameters server_side, do_handshake_on_connect and suppress_ragged_eofs have the same meaning as in the top-level :func:wrap_socket function.

--- a/Lib/ssl.py +++ b/Lib/ssl.py @@ -111,6 +111,7 @@ else: from socket import getnameinfo as _getnameinfo from socket import error as socket_error from socket import socket, AF_INET, SOCK_STREAM, create_connection +from socket import SOL_SOCKET, SO_TYPE import base64 # for DER-to-PEM translation import traceback import errno @@ -296,6 +297,10 @@ class SSLSocket(socket): self.ssl_version = ssl_version self.ca_certs = ca_certs self.ciphers = ciphers

   # Can't use sock.type as other flags (such as SOCK_NONBLOCK) get[](#l2.15)

```
   # mixed in.[](#l2.16)
```

   if sock.getsockopt(SOL_SOCKET, SO_TYPE) != SOCK_STREAM:[](#l2.17)

       raise NotImplementedError("only stream sockets are supported")[](#l2.18)
   if server_side and server_hostname:[](#l2.19)
       raise ValueError("server_hostname can only be specified "[](#l2.20)
                        "in client mode")[](#l2.21)

--- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -493,6 +493,18 @@ class BasicSocketTests(unittest.TestCase support.gc_collect() self.assertIn(r, str(cm.warning.args[0]))

def test_unsupported_dtls(self):

   s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)[](#l3.8)

```
   self.addCleanup(s.close)[](#l3.9)
```

   with self.assertRaises(NotImplementedError) as cx:[](#l3.10)

       ssl.wrap_socket(s, cert_reqs=ssl.CERT_NONE)[](#l3.11)

   self.assertEqual(str(cx.exception), "only stream sockets are supported")[](#l3.12)

   ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)[](#l3.13)

   with self.assertRaises(NotImplementedError) as cx:[](#l3.14)

```
       ctx.wrap_socket(s)[](#l3.15)
```

   self.assertEqual(str(cx.exception), "only stream sockets are supported")[](#l3.16)

+ + class ContextTests(unittest.TestCase): @skip_if_broken_ubuntu_ssl

--- a/Misc/NEWS +++ b/Misc/NEWS @@ -29,6 +29,9 @@ Core and Builtins Library ------- +- Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl

module, rather than silently let them emit clear text data. +

Issue #18116: getpass was always getting an error when testing /dev/tty, and thus was always falling back to stdin, and would then raise an exception if stdin could not be used (such as /dev/null). It also leaked an open file.