New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSLSocket read/write thread-unsafety #76714
Comments
_ssl.c has thread-usafe code in implementation of read, write and other methods. E.g. 'write' method: 2099 PySSL_BEGIN_ALLOW_THREADS _PySSL_UPDATE_ERRNO_IF updates self->ssl_errno without lock. Similar code used in 'read' method. Later self->ssl_errno is used for decision on retrying the operation. As result, SSL_write can be incorrectly repeated because ssl_errno was updated by 'read' method to SSL_ERROR_WANT_READ from another thread. Looks like commit e6eb48c is the cause. |
Almost seems like an unwinnable race here. We need to collect the error numbers before reacquiring the GIL (which could change some of them), but then if we update the object after getting the lock back we could still have raced with another thread. Perhaps we need to make more dramatic changes to not store error codes against the object? |
I'd gather errno and win error into local variables (or struct) just after SSL call and then pass them to PySSL_SetError. |
Is there anything on the roadmap to fix this? This is a pretty severe bug given that this breaks multi-threaded OpenSSL while the documentation says it's thread-safe. |
We don't have a roadmap, just volunteers. When someone is sufficiently motivated to work on it, it will happen. (You're welcome to try and motivate people with reason, pleading, money and/or abuse, though I don't recommend the last one :) Money doesn't work either on many of us who are really just time-poor.) |
Fixed, with a fix for the regression coming in bpo-34759 |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: