Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data.

2025-08-27 04:05:34 +00:00 · 2013-12-28 17:30:51 +01:00 · 2013-12-28 17:30:51 +01:00 · e6d2f159fc
commit e6d2f159fc
parent c1764dd350 3e86ba4e32
4 changed files with 33 additions and 8 deletions
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@ -150,6 +150,7 @@ if sys.platform == "win32":
 from socket import getnameinfo as _getnameinfo
 from socket import SHUT_RDWR as _SHUT_RDWR
 from socket import socket, AF_INET, SOCK_STREAM, create_connection
+from socket import SOL_SOCKET, SO_TYPE
 import base64        # for DER-to-PEM translation
 import traceback
 import errno
@ -482,6 +483,10 @@ class SSLSocket(socket):
            self.ssl_version = ssl_version
            self.ca_certs = ca_certs
            self.ciphers = ciphers
+        # Can't use sock.type as other flags (such as SOCK_NONBLOCK) get
+        # mixed in.
+        if sock.getsockopt(SOL_SOCKET, SO_TYPE) != SOCK_STREAM:
+            raise NotImplementedError("only stream sockets are supported")
        if server_side and server_hostname:
            raise ValueError("server_hostname can only be specified "
                             "in client mode")