This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2009年01月17日 02:36 by pitrou, last changed 2022年04月11日 14:56 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| ssl-readbuffer.patch | pitrou, 2009年01月17日 02:36 | |||
| Messages (7) | |||
|---|---|---|---|
| msg79996 - (view) | Author: Antoine Pitrou (pitrou) * (Python committer) | Date: 2009年01月17日 02:36 | |
The read() method on ssl objects can take a buffer as a parameter, but the method is buggy in this case: - it only accepts bytearrays, while it should accept any object supporting the buffer protocol in write mode - when the object is not a bytearray, it returns NULL without setting the current exception - since it doesn't attempt to get a buffer export from the object, there is no protection and the buffer could be resized while the method releases the GIL, leading to a likely crash This patch solves all three issues. Note that I'm not able to write an unit test for it, because test_ssl.py is too high-level (it looks more like functional tests than unit tests). Also, the only reason I discovered this is that it made some tests fail on the io-in-C branch (which uses readinto() a lot). I'm a complete SSL newbie. |
|||
| msg82119 - (view) | Author: Antoine Pitrou (pitrou) * (Python committer) | Date: 2009年02月14日 21:10 | |
Bumping to critical since the io-c branch won't be merged before this is solved. |
|||
| msg82927 - (view) | Author: Benjamin Peterson (benjamin.peterson) * (Python committer) | Date: 2009年02月28日 17:24 | |
I'm no ssl expert either, but the patch looks fine to me. |
|||
| msg82939 - (view) | Author: Benjamin Peterson (benjamin.peterson) * (Python committer) | Date: 2009年02月28日 19:07 | |
Applied the patch to py3k in r70072. Do you have a trunk backport? |
|||
| msg82943 - (view) | Author: Antoine Pitrou (pitrou) * (Python committer) | Date: 2009年02月28日 19:33 | |
No, and since I don't how to test it out of running the io-c branch on test_ssl and test_poplib, I'd recommend not backporting it unless an SSL expert takes a look. |
|||
| msg82944 - (view) | Author: Benjamin Peterson (benjamin.peterson) * (Python committer) | Date: 2009年02月28日 19:35 | |
Ok, will leave as is. |
|||
| msg94325 - (view) | Author: Antoine Pitrou (pitrou) * (Python committer) | Date: 2009年10月21日 21:11 | |
Ok, there is nothing to backport since the trunk version doesn't handle bytearrays in the first place! |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022年04月11日 14:56:44 | admin | set | github: 49217 |
| 2009年10月21日 21:11:07 | pitrou | set | status: open -> closed resolution: fixed messages: + msg94325 stage: patch review -> resolved |
| 2009年02月28日 19:35:24 | benjamin.peterson | set | messages:
+ msg82944 versions: - Python 3.0, Python 3.1 |
| 2009年02月28日 19:33:38 | pitrou | set | messages: + msg82943 |
| 2009年02月28日 19:07:41 | benjamin.peterson | set | messages: + msg82939 |
| 2009年02月28日 17:24:07 | benjamin.peterson | set | nosy:
+ benjamin.peterson messages: + msg82927 |
| 2009年02月14日 21:10:09 | pitrou | set | priority: normal -> critical messages: + msg82119 |
| 2009年02月14日 21:09:33 | pitrou | link | issue4565 dependencies |
| 2009年01月17日 14:47:58 | giampaolo.rodola | set | nosy: + giampaolo.rodola |
| 2009年01月17日 02:36:51 | pitrou | create | |