mirror of
https://github.com/python/cpython.git
synced 2025-07-07 19:35:27 +00:00
gh-113280: Always close socket if SSLSocket creation failed (GH-114659)
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
This commit is contained in:
Serhiy Storchaka
GitHub
parent
ecabff98c4
commit
0ea366240b
3 changed files with 81 additions and 67 deletions
113
Lib/ssl.py
113
Lib/ssl.py
|
|
@ -994,71 +994,67 @@ class SSLSocket(socket):
|
|||
if context.check_hostname and not server_hostname:
|
||||
raise ValueError("check_hostname requires server_hostname")
|
||||
|
||||
sock_timeout = sock.gettimeout()
|
||||
kwargs = dict(
|
||||
family=sock.family, type=sock.type, proto=sock.proto,
|
||||
fileno=sock.fileno()
|
||||
)
|
||||
self = cls.__new__(cls, **kwargs)
|
||||
super(SSLSocket, self).__init__(**kwargs)
|
||||
sock_timeout = sock.gettimeout()
|
||||
sock.detach()
|
||||
|
||||
self._context = context
|
||||
self._session = session
|
||||
self._closed = False
|
||||
self._sslobj = None
|
||||
self.server_side = server_side
|
||||
self.server_hostname = context._encode_hostname(server_hostname)
|
||||
self.do_handshake_on_connect = do_handshake_on_connect
|
||||
self.suppress_ragged_eofs = suppress_ragged_eofs
|
||||
|
||||
# See if we are connected
|
||||
# Now SSLSocket is responsible for closing the file descriptor.
|
||||
try:
|
||||
self.getpeername()
|
||||
except OSError as e:
|
||||
if e.errno != errno.ENOTCONN:
|
||||
raise
|
||||
connected = False
|
||||
blocking = self.getblocking()
|
||||
self.setblocking(False)
|
||||
try:
|
||||
# We are not connected so this is not supposed to block, but
|
||||
# testing revealed otherwise on macOS and Windows so we do
|
||||
# the non-blocking dance regardless. Our raise when any data
|
||||
# is found means consuming the data is harmless.
|
||||
notconn_pre_handshake_data = self.recv(1)
|
||||
except OSError as e:
|
||||
# EINVAL occurs for recv(1) on non-connected on unix sockets.
|
||||
if e.errno not in (errno.ENOTCONN, errno.EINVAL):
|
||||
raise
|
||||
notconn_pre_handshake_data = b''
|
||||
self.setblocking(blocking)
|
||||
if notconn_pre_handshake_data:
|
||||
# This prevents pending data sent to the socket before it was
|
||||
# closed from escaping to the caller who could otherwise
|
||||
# presume it came through a successful TLS connection.
|
||||
reason = "Closed before TLS handshake with data in recv buffer."
|
||||
notconn_pre_handshake_data_error = SSLError(e.errno, reason)
|
||||
# Add the SSLError attributes that _ssl.c always adds.
|
||||
notconn_pre_handshake_data_error.reason = reason
|
||||
notconn_pre_handshake_data_error.library = None
|
||||
try:
|
||||
self.close()
|
||||
except OSError:
|
||||
pass
|
||||
try:
|
||||
raise notconn_pre_handshake_data_error
|
||||
finally:
|
||||
# Explicitly break the reference cycle.
|
||||
notconn_pre_handshake_data_error = None
|
||||
else:
|
||||
connected = True
|
||||
self._context = context
|
||||
self._session = session
|
||||
self._closed = False
|
||||
self._sslobj = None
|
||||
self.server_side = server_side
|
||||
self.server_hostname = context._encode_hostname(server_hostname)
|
||||
self.do_handshake_on_connect = do_handshake_on_connect
|
||||
self.suppress_ragged_eofs = suppress_ragged_eofs
|
||||
|
||||
self.settimeout(sock_timeout) # Must come after setblocking() calls.
|
||||
self._connected = connected
|
||||
if connected:
|
||||
# create the SSL object
|
||||
# See if we are connected
|
||||
try:
|
||||
self.getpeername()
|
||||
except OSError as e:
|
||||
if e.errno != errno.ENOTCONN:
|
||||
raise
|
||||
connected = False
|
||||
blocking = self.getblocking()
|
||||
self.setblocking(False)
|
||||
try:
|
||||
# We are not connected so this is not supposed to block, but
|
||||
# testing revealed otherwise on macOS and Windows so we do
|
||||
# the non-blocking dance regardless. Our raise when any data
|
||||
# is found means consuming the data is harmless.
|
||||
notconn_pre_handshake_data = self.recv(1)
|
||||
except OSError as e:
|
||||
# EINVAL occurs for recv(1) on non-connected on unix sockets.
|
||||
if e.errno not in (errno.ENOTCONN, errno.EINVAL):
|
||||
raise
|
||||
notconn_pre_handshake_data = b''
|
||||
self.setblocking(blocking)
|
||||
if notconn_pre_handshake_data:
|
||||
# This prevents pending data sent to the socket before it was
|
||||
# closed from escaping to the caller who could otherwise
|
||||
# presume it came through a successful TLS connection.
|
||||
reason = "Closed before TLS handshake with data in recv buffer."
|
||||
notconn_pre_handshake_data_error = SSLError(e.errno, reason)
|
||||
# Add the SSLError attributes that _ssl.c always adds.
|
||||
notconn_pre_handshake_data_error.reason = reason
|
||||
notconn_pre_handshake_data_error.library = None
|
||||
try:
|
||||
raise notconn_pre_handshake_data_error
|
||||
finally:
|
||||
# Explicitly break the reference cycle.
|
||||
notconn_pre_handshake_data_error = None
|
||||
else:
|
||||
connected = True
|
||||
|
||||
self.settimeout(sock_timeout) # Must come after setblocking() calls.
|
||||
self._connected = connected
|
||||
if connected:
|
||||
# create the SSL object
|
||||
self._sslobj = self._context._wrap_socket(
|
||||
self, server_side, self.server_hostname,
|
||||
owner=self, session=self._session,
|
||||
|
|
@ -1069,9 +1065,12 @@ class SSLSocket(socket):
|
|||
# non-blocking
|
||||
raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets")
|
||||
self.do_handshake()
|
||||
except (OSError, ValueError):
|
||||
except:
|
||||
try:
|
||||
self.close()
|
||||
raise
|
||||
except OSError:
|
||||
pass
|
||||
raise
|
||||
return self
|
||||
|
||||
@property
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue