Richard Oudkerk added the comment:
> If someone used regular sockets deliberately, they could crash
> multiprocessing server code deliberately. Any chance of doing a real message
> length check against the embedded message length check?
You can do
message = conn.recv_bytes(maxlength)
if you want a length check -- OSError will be raised if the message is too long.
But Listener() and Client() are *not* replacements for the normal socket API
and I would not really advise using them for communication over a network.
They are mostly used internally by multiprocessing -- and then only with digest
authentication.
All processes in the same program inherit the same randomly generated
authentication key -- current_process().authkey. If you create a listener by
doing
listener = Listener(address, authenticate=True)
then other processes from the same program can connect by doing
conn = Client(address, authenticate=True)
Without knowing the correct authentication key it is not possible to connect
and do a DOS like you describe.
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue16920>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
