subject:"\[issue35415\] fileno argument to socket.socket is not validated"

[issue35415] fileno argument to socket.socket is not validated

2018-12-17 Thread miss-islington



miss-islington  added the comment:


New changeset e991270363435da12049ecfe70bb69bd9c14b535 by Miss Islington (bot) 
(Dima Tisnek) in branch 'master':
bpo-35415: validate fileno argument to socket.socket (GH-10917)
https://github.com/python/cpython/commit/e991270363435da12049ecfe70bb69bd9c14b535


--
nosy: +miss-islington

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35415] fileno argument to socket.socket is not validated

2018-12-17 Thread Andrew Svetlov



Change by Andrew Svetlov :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35415] fileno argument to socket.socket is not validated

2018-12-05 Thread Dima Tisnek



New submission from Dima Tisnek :

socket.socket gained a fileno= kwarg the value of which is not checked if 
address family and socket type are both provided.

For example, following is accepted:

>>> socket.socket(socket.AF_INET, socket.SOCK_STREAM, fileno=-1234)
>>> socket.socket(socket.AF_INET, socket.SOCK_STREAM, fileno=1234)
>>> socket.socket(socket.AF_INET, socket.SOCK_STREAM, fileno=0.999)

Resulting in a socket object that will fail at runtime.

One of the implications is that it's possible to "steal" file descriptor, i.e. 
create a socket for an fd that doesn't exist; then some other function/thread 
happens to create e.g. socket with this specific fd, which can be 
"unexpectedly" used (or closed or modified, e.g. non-blocking changed) through 
the first socket object.

Additionally if the shorthand is used, the exception raised in these cases has 
odd text, at least it was misleading for me.

>>> socket.socket(fileno=get_wrong_fd_from_somewhere())
[snip]
OSError: [Errno 9] Bad file descriptor: 'family'

I thought that I had a bug whereby a string was passed in instead of an int fd;
Ultimately I had to look in cpython source code to understand what the "family" 
meant.

I volunteer to submit a patch!

--
messages: 331096
nosy: Dima.Tisnek
priority: normal
severity: normal
status: open
title: fileno argument to socket.socket is not validated
versions: Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35415] fileno argument to socket.socket is not validated

2018-12-05 Thread Roundup Robot



Change by Roundup Robot :


--
keywords: +patch
pull_requests: +10156
stage:  -> patch review

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35415] fileno argument to socket.socket is not validated

[issue35415] fileno argument to socket.socket is not validated

[issue35415] fileno argument to socket.socket is not validated

[issue35415] fileno argument to socket.socket is not validated

4 matches

Site Navigation

Mail list logo

Footer information