From 513886aabb634d4b46c6727340c396faf8f7e2b4 Mon Sep 17 00:00:00 2001 From: Nick Coghlan Date: Sun, 28 Aug 2011 00:00:27 +1000 Subject: [PATCH] Fix #12835: prevent use of the unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets (Patch by David Watson) --- Lib/ssl.py | 14 ++++++++++++++ Lib/test/test_ssl.py | 8 ++++++++ Misc/NEWS | 4 ++++ 3 files changed, 26 insertions(+) diff --git a/Lib/ssl.py b/Lib/ssl.py index 914e749928f..39cef2c699b 100644 --- a/Lib/ssl.py +++ b/Lib/ssl.py @@ -355,6 +355,12 @@ class SSLSocket(socket): else: return socket.sendto(self, data, flags_or_addr, addr) + def sendmsg(self, *args, **kwargs): + # Ensure programs don't send data unencrypted if they try to + # use this method. + raise NotImplementedError("sendmsg not allowed on instances of %s" % + self.__class__) + def sendall(self, data, flags=0): self._checkClosed() if self._sslobj: @@ -413,6 +419,14 @@ class SSLSocket(socket): else: return socket.recvfrom_into(self, buffer, nbytes, flags) + def recvmsg(self, *args, **kwargs): + raise NotImplementedError("recvmsg not allowed on instances of %s" % + self.__class__) + + def recvmsg_into(self, *args, **kwargs): + raise NotImplementedError("recvmsg_into not allowed on instances of " + "%s" % self.__class__) + def pending(self): self._checkClosed() if self._sslobj: diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index a4c177357fc..e386325341d 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -1651,6 +1651,14 @@ else: # consume data s.read() + # Make sure sendmsg et al are disallowed to avoid + # inadvertent disclosure of data and/or corruption + # of the encrypted data stream + self.assertRaises(NotImplementedError, s.sendmsg, [b"data"]) + self.assertRaises(NotImplementedError, s.recvmsg, 100) + self.assertRaises(NotImplementedError, + s.recvmsg_into, bytearray(100)) + s.write(b"over\n") s.close() finally: diff --git a/Misc/NEWS b/Misc/NEWS index e48902953db..c0fa159adac 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -268,6 +268,10 @@ Core and Builtins Library ------- +- Issue #12835: Follow up to #6560 that unconditionally prevents use of the + unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets. Patch by David + Watson. + - Issue #12803: SSLContext.load_cert_chain() now accepts a password argument to be used if the private key is encrypted. Patch by Adam Simpkins.