[Python-checkins] r87123 - in python/branches/release26-maint: Lib/smtpd.py Misc/NEWS

giampaolo.rodola python-checkins at python.org
Tue Dec 7 19:54:44 CET 2010


Author: giampaolo.rodola
Date: Tue Dec 7 19:54:43 2010
New Revision: 87123
Log:
backporting security fix of issue 9129 (smtpd module vulnerable to DoS attacks in case of connection bashing)
Modified:
 python/branches/release26-maint/Lib/smtpd.py
 python/branches/release26-maint/Misc/NEWS
Modified: python/branches/release26-maint/Lib/smtpd.py
==============================================================================
--- python/branches/release26-maint/Lib/smtpd.py	(original)
+++ python/branches/release26-maint/Lib/smtpd.py	Tue Dec 7 19:54:43 2010
@@ -121,7 +121,15 @@
 self.__rcpttos = []
 self.__data = ''
 self.__fqdn = socket.getfqdn()
- self.__peer = conn.getpeername()
+ try:
+ self.__peer = conn.getpeername()
+ except socket.error as err:
+ # a race condition may occur if the other end is closing
+ # before we can get the peername
+ self.close()
+ if err.args[0] != errno.ENOTCONN:
+ raise
+ return
 print >> DEBUGSTREAM, 'Peer:', repr(self.__peer)
 self.push('220 %s %s' % (self.__fqdn, __version__))
 self.set_terminator('\r\n')
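Review bot: in the except branch of this hunk the early return leaves self.__peer unassigned, and the caller still ends up holding a closed, half-initialised channel, so any code that later reads the peer attribute on it will fail with AttributeError. Assign a default (such as None) before the try so the object is consistent on every path. Note also that self.close() runs before the errno check, so the channel is closed even when the error is re-raised; if that is intended, the comment should say so. These lines use errno.ENOTCONN but the patch shows no import being added, so confirm errno is already imported at module level.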
@@ -291,7 +299,20 @@
 localaddr, remoteaddr)
 
 def handle_accept(self):
- conn, addr = self.accept()
+ try:
+ conn, addr = self.accept()
+ except TypeError:
+ # sometimes accept() might return None
+ return
+ except socket.error as err:
+ # ECONNABORTED might be thrown
+ if err.args[0] != errno.ECONNABORTED:
+ raise
+ return
+ else:
+ # sometimes addr == None instead of (ip, port)
+ if addr == None:
+ return
 print >> DEBUGSTREAM, 'Incoming connection from %s' % repr(addr)
 channel = SMTPChannel(self, conn, addr)
 
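Review bot: the except TypeError around self.accept() in handle_accept is wider than the case its comment describes, because it silences any TypeError raised inside accept(), not only the failed unpacking of a None return. Take the result first and test it explicitly (pair = self.accept(), return if pair is None, then unpack) so unrelated errors still surface. In the else branch, addr == None should be written addr is None, and that return path drops conn without calling conn.close(), leaving the accepted socket to be reclaimed by garbage collection rather than released immediately, which matters for a fix aimed at connection floods.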
Modified: python/branches/release26-maint/Misc/NEWS
==============================================================================
--- python/branches/release26-maint/Misc/NEWS	(original)
+++ python/branches/release26-maint/Misc/NEWS	Tue Dec 7 19:54:43 2010
@@ -19,6 +19,8 @@
 Library
 -------
 
+- Issue #9129: smtpd.py is vulnerable to DoS attacks deriving from missing
+ error handling when accepting a new connection.
 
 What's New in Python 2.6.6?
 ===========================
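Review bot: the added NEWS entry says smtpd.py "is vulnerable to DoS attacks", which in a changelog reads as a statement that the problem is still present. Word it as the fix, for example "smtpd.py is no longer vulnerable to DoS attacks deriving from missing error handling when accepting a new connection", so readers scanning the release notes can tell the issue is resolved in this branch.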
@@ -206,7 +208,7 @@
 - Issue #8620: when a Cmd is fed input that reaches EOF without a final
 newline, it no longer truncates the last character of the last command line.
 
-- Issue #7066: archive_util.make_archive now restores the cwd if an error is 
+- Issue #7066: archive_util.make_archive now restores the cwd if an error is
 raised. Initial patch by Ezio Melotti.
 
 - Issue #5006: Better handling of unicode byte-order marks (BOM) in the io
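Review bot: the only change in this hunk is the removal of trailing whitespace on the Issue #7066 line, which is unrelated to issue 9129. Keep cosmetic cleanup out of a security backport on a maintenance branch so the commit contains only the fix and stays easy to audit or cherry-pick.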

