Neither DTLS nor error for SSLSocket.sendto() of UDP socket #63621

Closed
tiran opened this issue Oct 28, 2013 · 9 comments
Labels
stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error

Comments

@tiran
Member

tiran commented Oct 28, 2013

BPO 19422
Nosy @pitrou, @giampaolo, @tiran, @vajrasky
Files
  • raises_error_on_wrap_socket_with_sock_dgram.patch
  • raises_error_on_wrap_socket_with_sock_dgram_v2.patch
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:

    assignee = None
    closed_at = <Date 2013-12-28.16:36:28.776>
    created_at = <Date 2013-10-28.12:56:51.010>
    labels = ['type-bug', 'library']
    title = 'Neither DTLS nor error for SSLSocket.sendto() of UDP socket'
    updated_at = <Date 2013-12-28.16:36:28.775>
    user = 'https://github.com/tiran'

    bugs.python.org fields:

    activity = <Date 2013-12-28.16:36:28.775>
    actor = 'pitrou'
    assignee = 'none'
    closed = True
    closed_date = <Date 2013-12-28.16:36:28.776>
    closer = 'pitrou'
    components = ['Library (Lib)']
    creation = <Date 2013-10-28.12:56:51.010>
    creator = 'christian.heimes'
    dependencies = []
    files = ['32489', '33256']
    hgrepos = []
    issue_num = 19422
    keywords = ['patch']
    message_count = 9.0
    messages = ['201535', '201536', '201540', '202095', '206840', '207036', '207037', '207038', '207039']
    nosy_count = 6.0
    nosy_names = ['janssen', 'pitrou', 'giampaolo.rodola', 'christian.heimes', 'python-dev', 'vajrasky']
    pr_nums = []
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'behavior'
    url = 'https://bugs.python.org/issue19422'
    versions = ['Python 2.7', 'Python 3.3', 'Python 3.4']

    @tiran
    Member Author

    tiran commented Oct 28, 2013

    Python's SSL module doesn't support DTLS (datagram TLS for UDP). The SSL code doesn't complain when a UDP socket is wrapped in an SSL socket. It happily sends the bytes unprotected and not encrypted over the wire:

    >>> import ssl, socket
    >>> sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    >>> ssock = ssl.wrap_socket(sock)
    >>> ssock.sendto(b"data", ("localhost", 12345))
    4

    TCP sockets at least complain that the connection hasn't been established yet.

    >>> sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    >>> ssock = ssl.wrap_socket(sock)
    >>> ssock.sendto(b"data", ("localhost", 12345))
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 517, in sendto
        return socket.sendto(self, data, flags_or_addr)
    BrokenPipeError: [Errno 32] Broken pipe

    @tiran tiran added extension-modules C modules in the Modules dir type-bug An unexpected behavior, bug, or error labels Oct 28, 2013
    @tiran
    Member Author

    tiran commented Oct 28, 2013

    I think either sendto() or wrap_socket() should raise some kind of error for UDP instead of silently sending unencrypted data.

    @pitrou
    Member

    pitrou commented Oct 28, 2013

    Agreed, this should definitely be fixed.

    @pitrou pitrou added stdlib Python modules in the Lib dir and removed extension-modules C modules in the Modules dir labels Oct 28, 2013
    @vajrasky
    Mannequin

    vajrasky mannequin commented Nov 4, 2013

    Attached the patch to raise error when using sock dgram in wrap_socket.

    I am still unsure whether I should put the validation in C code (private function _wrap_socket) or not.

    @vajrasky
    Mannequin

    vajrasky mannequin commented Dec 23, 2013

    Thanks, Antoine, for the review! Attached the patch to address Antoine's concern.

    @pitrou
    Member

    pitrou commented Dec 28, 2013

    Actually, it seems the patch is flawed:

    >>> sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    >>> sock.type
    2
    >>> sock.settimeout(0)
    >>> sock.type
    2050

    But getsockopt() returns the expected value:

    >>> sock.getsockopt(socket.SOL_SOCKET, socket.SO_TYPE)
    2

    @python-dev
    Mannequin

    python-dev mannequin commented Dec 28, 2013

    New changeset a00842b783cf by Antoine Pitrou in branch '3.3':
    Issue bpo-19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data.
    http://hg.python.org/cpython/rev/a00842b783cf

    New changeset f7dc02e6987a by Antoine Pitrou in branch 'default':
    Issue bpo-19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data.
    http://hg.python.org/cpython/rev/f7dc02e6987a

    @python-dev
    Mannequin

    python-dev mannequin commented Dec 28, 2013

    New changeset 44841d81bf14 by Antoine Pitrou in branch '2.7':
    Issue bpo-19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data.
    http://hg.python.org/cpython/rev/44841d81bf14

    @pitrou
    Member

    pitrou commented Dec 28, 2013

    Updated patch is stricter (it checks for SOCK_STREAM). Pushed!

    @pitrou pitrou closed this as completed Dec 28, 2013
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
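
An added example, not part of the original thread and not the committed patch: a guard that checks for SOCK_STREAM using the getsockopt() value shown in the thread rather than sock.type, plus a regression check that the running interpreter's ssl module refuses a UDP socket. The function names are hypothetical, and the use of getsockopt() for the guard is an assumption based on the discussion above.

```python
import socket
import ssl


def kernel_socket_type(sock):
    """Ask the kernel for the socket type instead of trusting sock.type."""
    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_TYPE)


def naive_is_dgram(type_value):
    """Equality test on a raw sock.type value (hypothetical, fragile check)."""
    return type_value == socket.SOCK_DGRAM


def require_stream(sock):
    """Hypothetical guard: refuse any socket that is not SOCK_STREAM."""
    if kernel_socket_type(sock) != socket.SOCK_STREAM:
        raise NotImplementedError("only stream sockets are supported")
    return sock


def stdlib_rejects_datagram():
    """True if ssl refuses to wrap a UDP socket (the fixed behaviour)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        try:
            ctx.wrap_socket(udp, server_hostname="localhost")
        except NotImplementedError:
            return True
    return False


if __name__ == "__main__":
    # 2050 is the sock.type value quoted in the thread after settimeout(0):
    # an equality test against SOCK_DGRAM no longer matches it.
    print("naive check on 2050:", naive_is_dgram(2050))

    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.settimeout(0)
    print("SO_TYPE after settimeout(0):", kernel_socket_type(udp))
    try:
        require_stream(udp)
    except NotImplementedError as exc:
        print("guard refused UDP socket:", exc)
    finally:
        udp.close()

    print("ssl module rejects UDP:", stdlib_rejects_datagram())
```

Running `stdlib_rejects_datagram()` in a test suite is a cheap way to confirm that a deployed interpreter carries this fix and cannot silently emit clear text over a wrapped datagram socket.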