[Python-checkins] bpo-40121: Fixes audit event raised on creating a new socket (GH-19238)

Tue Mar 31 07:39:00 EDT 2020

https://github.com/python/cpython/commit/63ba5cccf484b9ec23dfbf4cf7ffdc833eda98c3
commit: 63ba5cccf484b9ec23dfbf4cf7ffdc833eda98c3
branch: master
author: Steve Dower <steve.dower at python.org>
committer: GitHub <noreply at github.com>
date: 2020年03月31日T12:38:53+01:00
summary:
bpo-40121: Fixes audit event raised on creating a new socket (GH-19238)
files:
A Misc/NEWS.d/next/Security/2020-03-30-23-16-25.bpo-40121.p2LIio.rst
M Lib/test/audit-tests.py
M Lib/test/test_audit.py
M Modules/socketmodule.c

diff --git a/Lib/test/audit-tests.py b/Lib/test/audit-tests.py
index 33f320992bb23..dda52a5a518f6 100644
--- a/Lib/test/audit-tests.py
+++ b/Lib/test/audit-tests.py
@@ -327,6 +327,28 @@ def hook(event, args):
 CloseKey(kv)
 
 
+def test_socket():
+ import socket
+
+ def hook(event, args):
+ if event.startswith("socket."):
+ print(event, *args)
+
+ sys.addaudithook(hook)
+
+ socket.gethostname()
+
+ # Don't care if this fails, we just want the audit message
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ try:
+ # Don't care if this fails, we just want the audit message
+ sock.bind(('127.0.0.1', 8080))
+ except error:
+ pass
+ finally:
+ sock.close()
+
+
 if __name__ == "__main__":
 from test.libregrtest.setup import suppress_msvcrt_asserts
 
diff --git a/Lib/test/test_audit.py b/Lib/test/test_audit.py
index 73dd5c5b7db30..f405c6923979c 100644
--- a/Lib/test/test_audit.py
+++ b/Lib/test/test_audit.py
@@ -118,6 +118,18 @@ def test_winreg(self):
 self.assertSequenceEqual(["winreg.EnumKey", " ", f"{expected} 10000"], events[3])
 self.assertSequenceEqual(["winreg.PyHKEY.Detach", " ", expected], events[4])
 
+ def test_socket(self):
+ support.import_module("socket")
+ returncode, events, stderr = self.run_python("test_socket")
+ if returncode:
+ self.fail(stderr)
+
+ if support.verbose:
+ print(*events, sep='\n')
+ self.assertEqual(events[0][0], "socket.gethostname")
+ self.assertEqual(events[1][0], "socket.__new__")
+ self.assertEqual(events[2][0], "socket.bind")
+ self.assertTrue(events[2][2].endswith("('127.0.0.1', 8080)"))
 
 if __name__ == "__main__":
 unittest.main()
diff --git a/Misc/NEWS.d/next/Security/2020-03-30-23-16-25.bpo-40121.p2LIio.rst b/Misc/NEWS.d/next/Security/2020-03-30-23-16-25.bpo-40121.p2LIio.rst
new file mode 100644
index 0000000000000..5aac6cd8b9959
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2020-03-30-23-16-25.bpo-40121.p2LIio.rst
@@ -0,0 +1 @@
+Fixes audit events raised on creating a new socket.
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
index 2818ac7f20570..b5c241e643dfc 100644
--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
@@ -5099,7 +5099,7 @@ sock_initobj(PyObject *self, PyObject *args, PyObject *kwds)
 
 #ifdef MS_WINDOWS
 /* In this case, we don't use the family, type and proto args */
- if (fdobj != NULL && fdobj != Py_None)
+ if (fdobj == NULL || fdobj == Py_None)
 #endif
 {
 if (PySys_Audit("socket.__new__", "Oiii",
@@ -5121,8 +5121,9 @@ sock_initobj(PyObject *self, PyObject *args, PyObject *kwds)
 }
 memcpy(&info, PyBytes_AS_STRING(fdobj), sizeof(info));
 
- if (PySys_Audit("socket()", "iii", info.iAddressFamily,
- info.iSocketType, info.iProtocol) < 0) {
+ if (PySys_Audit("socket.__new__", "Oiii", s,
+ info.iAddressFamily, info.iSocketType,
+ info.iProtocol) < 0) {
 return -1;
 }
 
