classification
Title: _ctypes.dlsym (py_dl_sym) does not trigger audit hooks
Type: behavior Stage: resolved
Components: Extension Modules Versions: Python 3.9, Python 3.8
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: steve.dower Nosy List: miss-islington, steve.dower, tholl
Priority: normal Keywords: patch

Created on 2019-10-28 18:18 by tholl, last changed 2019-11-18 22:03 by steve.dower. This issue is now closed.

Files
File name Uploaded Description Edit
audit.patch tholl, 2019-10-28 18:18 Minimal patch for this issue
audit-test.py tholl, 2019-10-31 23:52 Test case
Pull Requests
URL Status Linked Edit
PR 17158 merged steve.dower, 2019-11-15 00:12
PR 17242 merged miss-islington, 2019-11-18 19:32
PR 17243 merged steve.dower, 2019-11-18 19:43
PR 17245 merged miss-islington, 2019-11-18 21:30
Messages (9)
msg355583 - (view) Author: (tholl) * Date: 2019-10-28 18:18
The dlsym operation generally (e.g. when done through a ctypes.CDLL object) triggers the "ctypes.dlsym" audit event. However, using _ctypes.dlsym directly does not trigger this event. This appears to be an oversight, given that _ctypes.dlopen *does* trigger the "ctypes.dlopen" audit event.

A (very minimal) patch is attached.

I was not entirely sure what format the DLL handle should take when it is passed to the audit function, so for now it just turns it back into a number via PyLong_FromVoidPtr (i.e. into the same format in which it is passed into _ctypes.dlsym in the first place).
msg355776 - (view) Author: (tholl) * Date: 2019-10-31 23:52
I probably should have done this earlier, but here's a small test case that reproduces the issue. The assert fails in vanilla Python 3.8, but passes with the patch.
msg356621 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2019-11-14 18:28
Thanks! Would you like to create a PR on GitHub for this? Or are you happy for me to do it.
msg356623 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2019-11-14 18:35
Actually, it looks like we need to add events for many of the _ctypes functions, so I'll go through and do them.
msg356905 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2019-11-18 19:32
New changeset 00923c63995e34cdc25d699478f113de99a69df9 by Steve Dower in branch 'master':
bpo-38622: Add missing audit events for ctypes module (GH-17158)
https://github.com/python/cpython/commit/00923c63995e34cdc25d699478f113de99a69df9
msg356906 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2019-11-18 19:47
Typically, as soon as I merge, I spot an edge case issue.

PySys_Audit(n, "O", a) is deliberately going to treat 'a' as the tuple of arguments (when it is a tuple). This lets us simplify/optimise events where the event arguments match the function arguments exactly. If 'a' is not a tuple, it gets wrapped in one.

When 'a' is meant to be a single argument that _might_ be a tuple, such as in PyObj_FromPtr, the format string needs to be "(O)" to ensure it is treated as a one element tuple. This is just how Py_BuildValue works - multiple elements become a tuple and the parens are optional unless you want a one-element tuple.
msg356907 - (view) Author: miss-islington (miss-islington) Date: 2019-11-18 19:53
New changeset 47db7439dd858c3634212c71137eb130f811bda4 by Miss Islington (bot) in branch '3.8':
bpo-38622: Add missing audit events for ctypes module (GH-17158)
https://github.com/python/cpython/commit/47db7439dd858c3634212c71137eb130f811bda4
msg356912 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2019-11-18 21:30
New changeset dcf1f83de8678b09df5bd7d04ca5f4ef1cd02aca by Steve Dower in branch 'master':
bpo-38622: Ensure ctypes.PyObj_FromPtr audit event passes tuples as a single argument (GH-17243)
https://github.com/python/cpython/commit/dcf1f83de8678b09df5bd7d04ca5f4ef1cd02aca
msg356917 - (view) Author: miss-islington (miss-islington) Date: 2019-11-18 21:59
New changeset bec7015dcc421a68cde030c5e4ca8e28408ef52d by Miss Islington (bot) in branch '3.8':
bpo-38622: Ensure ctypes.PyObj_FromPtr audit event passes tuples as a single argument (GH-17243)
https://github.com/python/cpython/commit/bec7015dcc421a68cde030c5e4ca8e28408ef52d
History
Date User Action Args
2019-11-18 22:03:04steve.dowersetstatus: open -> closed
resolution: fixed
stage: patch review -> resolved
2019-11-18 21:59:55miss-islingtonsetmessages: + msg356917
2019-11-18 21:30:14miss-islingtonsetpull_requests: + pull_request16744
2019-11-18 21:30:05steve.dowersetmessages: + msg356912
2019-11-18 19:53:43miss-islingtonsetnosy: + miss-islington
messages: + msg356907
2019-11-18 19:47:25steve.dowersetmessages: + msg356906
2019-11-18 19:43:53steve.dowersetpull_requests: + pull_request16742
2019-11-18 19:32:59miss-islingtonsetpull_requests: + pull_request16741
2019-11-18 19:32:49steve.dowersetmessages: + msg356905
2019-11-15 00:12:57steve.dowersetstage: patch review
pull_requests: + pull_request16667
2019-11-14 22:04:48steve.dowersetassignee: steve.dower
2019-11-14 18:35:34steve.dowersetmessages: + msg356623
2019-11-14 18:28:15steve.dowersetnosy: + steve.dower
messages: + msg356621
2019-10-31 23:52:30thollsetfiles: + audit-test.py
type: behavior
messages: + msg355776
2019-10-28 18:18:57thollcreate