[Python-checkins] cpython: Fix #12835: prevent use of the unencrypted sendmsg/recvmsg APIs on SSL wrapped

nick.coghlan python-checkins at python.org
Sat Aug 27 16:00:37 CEST 2011

• Previous message: [Python-checkins] cpython (merge 3.2 -> default): Merge: Make regrtest complain when -M and -j are used together.
• Next message: [Python-checkins] cpython: Fix #9923: mailcap now uses the OS path separator for the MAILCAP envvar. Not
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

http://hg.python.org/cpython/rev/b06f011a3529
changeset: 72101:b06f011a3529
user: Nick Coghlan <ncoghlan at gmail.com>
date: Sun Aug 28 00:00:27 2011 +1000
summary:
 Fix #12835: prevent use of the unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets (Patch by David Watson)
files:
 Lib/ssl.py | 14 ++++++++++++++
 Lib/test/test_ssl.py | 8 ++++++++
 Misc/NEWS | 4 ++++
 3 files changed, 26 insertions(+), 0 deletions(-)
diff --git a/Lib/ssl.py b/Lib/ssl.py
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -355,6 +355,12 @@
 else:
 return socket.sendto(self, data, flags_or_addr, addr)
 
+ def sendmsg(self, *args, **kwargs):
+ # Ensure programs don't send data unencrypted if they try to
+ # use this method.
+ raise NotImplementedError("sendmsg not allowed on instances of %s" %
+ self.__class__)
+
 def sendall(self, data, flags=0):
 self._checkClosed()
 if self._sslobj:
@@ -413,6 +419,14 @@
 else:
 return socket.recvfrom_into(self, buffer, nbytes, flags)
 
+ def recvmsg(self, *args, **kwargs):
+ raise NotImplementedError("recvmsg not allowed on instances of %s" %
+ self.__class__)
+
+ def recvmsg_into(self, *args, **kwargs):
+ raise NotImplementedError("recvmsg_into not allowed on instances of "
+ "%s" % self.__class__)
+
 def pending(self):
 self._checkClosed()
 if self._sslobj:
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1651,6 +1651,14 @@
 # consume data
 s.read()
 
+ # Make sure sendmsg et al are disallowed to avoid
+ # inadvertent disclosure of data and/or corruption
+ # of the encrypted data stream
+ self.assertRaises(NotImplementedError, s.sendmsg, [b"data"])
+ self.assertRaises(NotImplementedError, s.recvmsg, 100)
+ self.assertRaises(NotImplementedError,
+ s.recvmsg_into, bytearray(100))
+
 s.write(b"over\n")
 s.close()
 finally:
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -268,6 +268,10 @@
 Library
 -------
 
+- Issue #12835: Follow up to #6560 that unconditionally prevents use of the
+ unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets. Patch by David
+ Watson.
+
 - Issue #12803: SSLContext.load_cert_chain() now accepts a password argument
 to be used if the private key is encrypted. Patch by Adam Simpkins.
 
-- 
Repository URL: http://hg.python.org/cpython

---

• Previous message: [Python-checkins] cpython (merge 3.2 -> default): Merge: Make regrtest complain when -M and -j are used together.
• Next message: [Python-checkins] cpython: Fix #9923: mailcap now uses the OS path separator for the MAILCAP envvar. Not
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list