Fix #12835: prevent use of the unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets (Patch by David Watson)

2025-10-10 00:43:41 +00:00 · 2011-08-28 00:00:27 +10:00 · 2011-08-28 00:00:27 +10:00 · 513886aabb
commit 513886aabb
parent a89c32ccd9
3 changed files with 26 additions and 0 deletions
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@ -355,6 +355,12 @@ class SSLSocket(socket):
        else:
            return socket.sendto(self, data, flags_or_addr, addr)

+    def sendmsg(self, *args, **kwargs):
+        # Ensure programs don't send data unencrypted if they try to
+        # use this method.
+        raise NotImplementedError("sendmsg not allowed on instances of %s" %
+                                  self.__class__)
+
    def sendall(self, data, flags=0):
        self._checkClosed()
        if self._sslobj:
@ -413,6 +419,14 @@ class SSLSocket(socket):
        else:
            return socket.recvfrom_into(self, buffer, nbytes, flags)

+    def recvmsg(self, *args, **kwargs):
+        raise NotImplementedError("recvmsg not allowed on instances of %s" %
+                                  self.__class__)
+
+    def recvmsg_into(self, *args, **kwargs):
+        raise NotImplementedError("recvmsg_into not allowed on instances of "
+                                  "%s" % self.__class__)
+
    def pending(self):
        self._checkClosed()
        if self._sslobj: