classification
Title: _multiprocessing.recvfd() doesn't check that file descriptor was actually received
Type: behavior Stage: resolved
Components: Extension Modules Versions: Python 3.2, Python 3.3, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: jcea Nosy List: baikie, jcea, neologix, python-dev
Priority: normal Keywords: patch

Created on 2011-09-20 21:00 by baikie, last changed 2011-09-21 06:53 by neologix. This issue is now closed.

Files
File name Uploaded Description Edit
recvfd-check.diff baikie, 2011-09-20 21:00
recvfd-skip-reduction-fix.diff baikie, 2011-09-20 21:01
Messages (3)
msg144351 - (view) Author: David Watson (baikie) Date: 2011-09-20 21:00
The function _multiprocessing.recvfd() calls recvmsg() and
expects to receive a file descriptor in an SCM_RIGHTS control
message, but doesn't check that such a control message is
actually present.  So if the sender sends data without an
accompanying file descriptor, recvfd() will the return the
integer value of the uninitialized CMSG_DATA() buffer.

The attached recvfd-check.diff checks for a complete control
message of the correct type, and raises RuntimeError if it isn't
there.  This matches the behaviour of the proposed pure-Python
implementation at issue #12981.

The patch includes a test case, but like the other recently-added
tests for the function, it isn't guarded against
multiprocessing.reduction being unavailable.  Issue #12981 has a
patch "skip_reduction.diff" (already in 3.3) to fix this, and I'm
attaching recvfd-skip-reduction-fix.diff to apply on top of it
and guard the new test case as well.
msg144362 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2011-09-21 01:56
New changeset 21e7a55cb943 by Jesus Cea in branch '2.7':
Close #13022: _multiprocessing.recvfd() doesn't check that file descriptor was actually received
http://hg.python.org/cpython/rev/21e7a55cb943

New changeset 447770470d00 by Jesus Cea in branch '3.2':
Close #13022: _multiprocessing.recvfd() doesn't check that file descriptor was actually received
http://hg.python.org/cpython/rev/447770470d00

New changeset 74434cff2c90 by Jesus Cea in branch 'default':
Close #13022: _multiprocessing.recvfd() doesn't check that file descriptor was actually received
http://hg.python.org/cpython/rev/74434cff2c90
msg144368 - (view) Author: Charles-Fran├žois Natali (neologix) * (Python committer) Date: 2011-09-21 06:53
> The patch includes a test case, but like the other recently-added
> tests for the function, it isn't guarded against
> multiprocessing.reduction being unavailable.  Issue #12981 has a
> patch "skip_reduction.diff" (already in 3.3) to fix this,

I'll apply skip_reduction.diff and your patch to 2.7 and 3.2.
History
Date User Action Args
2011-09-21 06:53:08neologixsetmessages: + msg144368
2011-09-21 01:56:11python-devsetstatus: open -> closed

nosy: + python-dev
messages: + msg144362

resolution: fixed
stage: resolved
2011-09-21 01:43:41jceasetassignee: jcea

nosy: + jcea
2011-09-20 21:02:00vstinnersetnosy: + neologix
2011-09-20 21:01:05baikiesetfiles: + recvfd-skip-reduction-fix.diff
2011-09-20 21:00:47baikiecreate