classification
Title: SSLSocket.recv(0) receives up to 1024 bytes
Type: behavior Stage: resolved
Components: Library (Lib) Versions: Python 3.6, Python 3.5, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: alex, christian.heimes, dstufft, martin.panter, python-dev
Priority: normal Keywords: patch

Created on 2015-03-29 10:30 by martin.panter, last changed 2016-07-11 13:29 by martin.panter. This issue is now closed.

Files
File name Uploaded Description Edit
recv-zero.patch martin.panter, 2015-05-15 05:04 review
recv-zero.v2.patch martin.panter, 2016-06-27 04:32 review
Messages (7)
msg239483 - (view) Author: Martin Panter (martin.panter) * (Python committer) Date: 2015-03-29 10:30
The documentation claims that SSL socket objects provide some of the same methods as plain socket objects, including recv(), and that the “bufsize” parameter specifies the maximum amount of data to be received. With ordinary sockets, socket.recv(0) always seems to return zero bytes (b""), as expected. But not so with SSL sockets:

>>> import socket, ssl
>>> s = ssl.wrap_socket(socket.create_connection(("localhost", 631)))
>>> s.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n")
35
>>> len(s.recv(0))
263
>>> len(s.recv(0))
1024

The call will hang or raise SSLWantReadError when no data is actually available. Looking at the code, the value of zero seems to be used as a placeholder for a default of 1024 in SSLObject.read(). Either the SSL module should be fixed to return no bytes (my preference), or the documentation needs to warn that the recv(0) is not supported, or does not work the same as for plain sockets. SSLSocket.read() might also be affected.
msg243244 - (view) Author: Martin Panter (martin.panter) * (Python committer) Date: 2015-05-15 05:04
Here is a patch for 3.5 that changes the default size to explicitly be 1024, and tests that recv(0) and read(0) now work as I expect they should by returning nothing.
msg262549 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-03-28 03:08
New changeset 7a3c5f7dda86 by Martin Panter in branch '3.5':
Issue #23804: Fix SSL recv/read(0) to not return 1024 bytes
https://hg.python.org/cpython/rev/7a3c5f7dda86

New changeset 72c457f9533a by Martin Panter in branch 'default':
Issue #23804: Merge SSL zero read fix from 3.5
https://hg.python.org/cpython/rev/72c457f9533a

New changeset f4cff2bf9903 by Martin Panter in branch '2.7':
Issue #23804: Fix SSL recv/read(0) to not return 1024 bytes
https://hg.python.org/cpython/rev/f4cff2bf9903
msg269344 - (view) Author: Martin Panter (martin.panter) * (Python committer) Date: 2016-06-27 04:32
This was not fixed properly. The first symptom is that recv(0) etc still blocks if the other end sends no data. The second symptom is that it does not work with suppress_ragged_eofs=False. The problem is SSL is still called to do a read, which returns zero, and that seems to be interpreted as some kind of EOF or shutdown indicator.

(IMO suppress_ragged_eofs=True is a bad default. It essentially treats a man-in-the-middle shutdown as a genuine secure shutdown, but that would be a separate issue.)
msg270152 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-07-11 01:38
New changeset 74856df7e55b by Martin Panter in branch '3.5':
Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOF
https://hg.python.org/cpython/rev/74856df7e55b

New changeset 43d7e5fb3bc2 by Martin Panter in branch '2.7':
Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOF
https://hg.python.org/cpython/rev/43d7e5fb3bc2

New changeset 4ef2404d343e by Martin Panter in branch 'default':
Issue #23804: Merge SSL recv() fix from 3.5
https://hg.python.org/cpython/rev/4ef2404d343e
msg270177 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-07-11 13:20
New changeset df908a9d97a6 by Martin Panter in branch 'default':
Issue #23804: Merge spelling and NEWS fixes from 3.5
https://hg.python.org/cpython/rev/df908a9d97a6
msg270180 - (view) Author: Martin Panter (martin.panter) * (Python committer) Date: 2016-07-11 13:29
Oops, that last merge is not related to this
History
Date User Action Args
2016-07-11 13:29:04martin.pantersetmessages: + msg270180
2016-07-11 13:20:56python-devsetmessages: + msg270177
2016-07-11 06:54:06martin.pantersetstatus: open -> closed
stage: patch review -> resolved
2016-07-11 01:38:10python-devsetmessages: + msg270152
2016-06-27 04:32:24martin.pantersetstatus: closed -> open
files: + recv-zero.v2.patch
messages: + msg269344

stage: resolved -> patch review
2016-03-28 06:39:32martin.pantersetstatus: open -> closed
stage: patch review -> resolved
resolution: fixed
versions: + Python 3.6, - Python 3.4
2016-03-28 03:08:37python-devsetnosy: + python-dev
messages: + msg262549
2015-05-15 05:04:50martin.pantersetfiles: + recv-zero.patch
keywords: + patch
messages: + msg243244

stage: patch review
2015-03-30 02:54:04ned.deilysetnosy: + christian.heimes, alex, dstufft
2015-03-29 10:30:23martin.pantercreate