[issue29970] Severe open file leakage running asyncio SSL server

2017-12-20 Thread Andrew Svetlov

Andrew Svetlov  added the comment:

Don't know.
Ask other coredevs maybe?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue29970] Severe open file leakage running asyncio SSL server

2017-12-20 Thread Yury Selivanov

Yury Selivanov  added the comment:

> The fix introduces a new parameter in public API.

Maybe we can get away with this if we do not document it in 3.6 and add a 
comment to the source code that using this new parameter will make the code 
incompatible with earlier 3.6.x versions?

--




[issue29970] Severe open file leakage running asyncio SSL server

2017-12-20 Thread Andrew Svetlov

Andrew Svetlov  added the comment:

The fix introduces a new parameter in public API.

That's why I think we shouldn't backport it.

--




[issue29970] Severe open file leakage running asyncio SSL server

2017-12-20 Thread Yury Selivanov

Yury Selivanov  added the comment:

Should we backport this to 3.6?  This is a security issue.

--




[issue29970] Severe open file leakage running asyncio SSL server

2017-12-20 Thread Andrew Svetlov

Andrew Svetlov  added the comment:


New changeset 51eb1c6b9c0b382dfd6e0428eacff0c7891a6fc3 by Andrew Svetlov in 
branch 'master':
bpo-29970: Make ssh_handshake_timeout None by default (#4939)
https://github.com/python/cpython/commit/51eb1c6b9c0b382dfd6e0428eacff0c7891a6fc3


--




[issue29970] Severe open file leakage running asyncio SSL server

2017-12-20 Thread Andrew Svetlov

Change by Andrew Svetlov :


--
pull_requests: +4830




[issue29970] Severe open file leakage running asyncio SSL server

2017-12-19 Thread Andrew Svetlov

Change by Andrew Svetlov :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed
versions:  -Python 3.5, Python 3.6




[issue29970] Severe open file leakage running asyncio SSL server

2017-12-19 Thread Andrew Svetlov

Andrew Svetlov  added the comment:

Fixed in 3.7

--




[issue29970] Severe open file leakage running asyncio SSL server

2017-12-19 Thread Andrew Svetlov

Andrew Svetlov  added the comment:


New changeset f7686c1f5553b24e3307506a18e18f6544de94d3 by Andrew Svetlov (Neil 
Aspinall) in branch 'master':
bpo-29970: Add timeout for SSL handshake in asyncio
https://github.com/python/cpython/commit/f7686c1f5553b24e3307506a18e18f6544de94d3


--
nosy: +asvetlov




[issue29970] Severe open file leakage running asyncio SSL server

2017-12-12 Thread Neil Aspinall

Change by Neil Aspinall :


--
keywords: +patch
pull_requests: +4717
stage:  -> patch review




[issue29970] Severe open file leakage running asyncio SSL server

2017-12-12 Thread Neil Aspinall

Neil Aspinall  added the comment:

I think there's been some confusion about what PR 480 was meant to fix - it 
helps in cases where connections are closed during handshake, but if a server 
connection is waiting for a handshake but never receives any data at all then 
it stays in that state forever.

As for a fix, how about giving SSLProtocol a method like:

    def checkHandshakeDone(self):
        if self._in_handshake == True:
            self._abort()

and then at the end of _start_handshake() adding:

    self._loop.call_later(10, self.checkHandshakeDone)

Then if the handshake is not complete within ten seconds of starting, the 
connection will be aborted.

--
nosy: +mocmocamoc




[issue29970] Severe open file leakage running asyncio SSL server

2017-12-12 Thread STINNER Victor

Change by STINNER Victor :


--
nosy:  -vstinner




[issue29970] Severe open file leakage running asyncio SSL server

2017-12-11 Thread kyuupichan

kyuupichan  added the comment:

I'm not sure what you mean about this being a server-specific problem.  It's 
clearly a bug in the asyncio SSL wrapper as using TCP instead of SSL with 
otherwise identical code doesn't leak open files.

--




[issue29970] Severe open file leakage running asyncio SSL server

2017-06-18 Thread Nikolay Kim

Nikolay Kim added the comment:

I see. This is a server-specific problem. As a temp solution I'd use a proxy for 
SSL termination.

--




[issue29970] Severe open file leakage running asyncio SSL server

2017-06-18 Thread kyuupichan

kyuupichan added the comment:

@Nikolay Kim

As I note in the original submission, 480 was tested and does NOT solve this 
issue.  Thanks.

--




[issue29970] Severe open file leakage running asyncio SSL server

2017-06-18 Thread Nikolay Kim

Nikolay Kim added the comment:

Question is, should asyncio handle timeouts or leave it to the caller?

https://github.com/python/cpython/pull/480 fixes leak during handshake.

--
nosy: +fafhrd91




[issue29970] Severe open file leakage running asyncio SSL server

2017-04-04 Thread Yury Selivanov

Yury Selivanov added the comment:

I'm assigning this to myself to make sure I don't forget about this. If someone 
wants to tackle this please feel free to reassign.

--
assignee:  -> yselivanov
versions: +Python 3.7




[issue29970] Severe open file leakage running asyncio SSL server

2017-04-04 Thread Brett Cannon

Changes by Brett Cannon :


--
nosy: +giampaolo.rodola, haypo




[issue29970] Severe open file leakage running asyncio SSL server

2017-04-03 Thread kyuupichan

New submission from kyuupichan:

Original report at old repo here:  https://github.com/python/asyncio/issues/483

There this is reported fixed by https://github.com/python/cpython/pull/480

I wish to report that whilst the above patch might have a small positive 
effect, it is far from solving the actual issue.  Several users report eventual 
exhaustion of the open file resource running SSL asyncio servers.

Here are graphs provided by a friend running my ElectrumX server software, 
first accepting SSL connections and the second accepting TCP connections only.  
Both of the servers were monkey-patched with the pull-480 fix above, so this is 
evidence it isn't solving the issue.

http://imgur.com/a/cWnSu

As you can see, the TCP server (which has far fewer connections; most users use 
SSL) has no leaked file handles, whereas the SSL server has over 300.

This becomes an easy denial of service vector against asyncio servers.  One way 
to trigger this (though I doubt it explains the numbers above) is simply to 
connect to the SSL server from telnet, and do nothing.  asyncio doesn't time 
you out, the telnet session seems to sit there forever, and the open file 
resources are lost in the SSL handshake stage until the remote host kindly 
decides to disconnect.

I suspect these resource issues all revolve around the SSL handshake process, 
certainly at the opening of a connection, but also perhaps when closing.

As the application author I am not informed by asyncio of a potential 
connection until the initial handshake is complete, so I cannot do anything to 
close these phantom socket connections.  I have to rely on asyncio to be 
properly handling DoS issues and it is not currently doing so robustly.

--
components: asyncio
messages: 291071
nosy: kyuupichan, yselivanov
priority: normal
severity: normal
status: open
title: Severe open file leakage running asyncio SSL server
type: resource usage
versions: Python 3.5, Python 3.6
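
The idle-connection case from this report, measured against the handshake timeout added by the changesets earlier in this thread. This is an added example, not code from the report or from CPython. It assumes Python 3.7+ and the `ssl_handshake_timeout` keyword of `asyncio.start_server`; the function names and the 0.5 second value are constructed for illustration.

```python
import asyncio
import ssl
import time


async def hold_time_of_idle_client(handshake_timeout):
    """Return (seconds the server held an idle connection, handler calls)."""
    handler_calls = 0

    async def handler(reader, writer):
        # Runs only after a completed TLS handshake, so the application
        # never sees a peer that stalls before that point.
        nonlocal handler_calls
        handler_calls += 1
        writer.close()

    # No certificate is loaded: the constructed client below never sends a
    # ClientHello, so the handshake never reaches certificate selection.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server = await asyncio.start_server(
        handler, "127.0.0.1", 0, ssl=ctx,
        ssl_handshake_timeout=handshake_timeout)
    port = server.sockets[0].getsockname()[1]

    # Constructed idle peer: plain TCP connect, then silence.
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    start = time.monotonic()
    try:
        # Outer bound so the example itself cannot hang.
        await asyncio.wait_for(reader.read(1), timeout=handshake_timeout + 10)
    except ConnectionError:
        pass  # a reset also means the server dropped the connection
    held = time.monotonic() - start
    writer.close()
    server.close()
    await server.wait_closed()
    return held, handler_calls


def measure(handshake_timeout=0.5):
    return asyncio.run(hold_time_of_idle_client(handshake_timeout))


if __name__ == "__main__":
    held, calls = measure(0.5)
    print(f"idle connection dropped after {held:.2f}s, handler calls: {calls}")
```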
