Fix #12835: prevent use of the unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets (Patch by David Watson)
This commit is contained in:
parent
a89c32ccd9
commit
513886aabb
14
Lib/ssl.py
14
Lib/ssl.py
|
@ -355,6 +355,12 @@ class SSLSocket(socket):
|
|||
else:
|
||||
return socket.sendto(self, data, flags_or_addr, addr)
|
||||
|
||||
def sendmsg(self, *args, **kwargs):
|
||||
# Ensure programs don't send data unencrypted if they try to
|
||||
# use this method.
|
||||
raise NotImplementedError("sendmsg not allowed on instances of %s" %
|
||||
self.__class__)
|
||||
|
||||
def sendall(self, data, flags=0):
|
||||
self._checkClosed()
|
||||
if self._sslobj:
|
||||
|
@ -413,6 +419,14 @@ class SSLSocket(socket):
|
|||
else:
|
||||
return socket.recvfrom_into(self, buffer, nbytes, flags)
|
||||
|
||||
def recvmsg(self, *args, **kwargs):
|
||||
raise NotImplementedError("recvmsg not allowed on instances of %s" %
|
||||
self.__class__)
|
||||
|
||||
def recvmsg_into(self, *args, **kwargs):
|
||||
raise NotImplementedError("recvmsg_into not allowed on instances of "
|
||||
"%s" % self.__class__)
|
||||
|
||||
def pending(self):
|
||||
self._checkClosed()
|
||||
if self._sslobj:
|
||||
|
|
|
@ -1651,6 +1651,14 @@ else:
|
|||
# consume data
|
||||
s.read()
|
||||
|
||||
# Make sure sendmsg et al are disallowed to avoid
|
||||
# inadvertent disclosure of data and/or corruption
|
||||
# of the encrypted data stream
|
||||
self.assertRaises(NotImplementedError, s.sendmsg, [b"data"])
|
||||
self.assertRaises(NotImplementedError, s.recvmsg, 100)
|
||||
self.assertRaises(NotImplementedError,
|
||||
s.recvmsg_into, bytearray(100))
|
||||
|
||||
s.write(b"over\n")
|
||||
s.close()
|
||||
finally:
|
||||
|
|
|
@ -268,6 +268,10 @@ Core and Builtins
|
|||
Library
|
||||
-------
|
||||
|
||||
- Issue #12835: Follow up to #6560 that unconditionally prevents use of the
|
||||
unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets. Patch by David
|
||||
Watson.
|
||||
|
||||
- Issue #12803: SSLContext.load_cert_chain() now accepts a password argument
|
||||
to be used if the private key is encrypted. Patch by Adam Simpkins.
|
||||
|
||||
|
|
Loading…
Reference in New Issue