Message 106929 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Edward.Pilatowicz
Recipients	Edward.Pilatowicz
Date	2010-06-03.01:27:45
SpamBayes Score	4.1224698e-07
Marked as misclassified	No
Message-id	<1275528470.51.0.813873994417.issue8882@psf.upfronthosting.co.za>
In-reply-to

Content
recently i was writing some python code that attempted to bind a unix domain socket to a long filesystem path. this code was failing and telling me that the path name was too long. tracing python i saw that it wasn't event issuing a system call for my bind() request. eventually i tracked down the problem to socketmodule.c`getsockaddrarg(): http://svn.python.org/view/python/trunk/Modules/socketmodule.c?view=markup there we see that getsockaddrarg() checks to verify that the specified path is less than "sizeof addr->sun_path", where addr is a struct sockaddr_un. this seems incorrect to me. on most systems sockaddr_un.sun_path is defined as a small character array. this limit is an ancient bit of unix legacy and most modern systems do not actually limit domain socket names to a path as short as sun_path. on solaris the real limit is MAXPATHLEN, there by allowing unix domain sockets to be bound to any filesystem path. the posix specification also says that users of the sockaddr_un structure should not make any assumptions about the maximum supported length of sun_path. from: http://www.opengroup.org/onlinepubs/009695399/basedefs/sys/un.h.html we have: char sun_path[] socket pathname ... The size of sun_path has intentionally been left undefined. This is because different implementations use different sizes. For example, 4.3 BSD uses a size of 108, and 4.4 BSD uses a size of 104. Since most implementations originate from BSD versions, the size is typically in the range 92 to 108. Applications should not assume a particular length for sun_path or assume that it can hold {_POSIX_PATH_MAX} characters (255). hence, it seems to me that python should not actually be doing any size checks on the path passed to getsockaddrarg(). instead is should dynamically allocate a sockaddr_un large enough to hold whatever string was pass in. this structure can then be passed on to system calls which can they check if the specified path is of a supported length. (if you look at the posix definitions for bind() and connect() you'll see that they both can return ENAMETOOLONG if the passed in pathname is too large.)

recently i was writing some python code that attempted to bind a unix
domain socket to a long filesystem path.  this code was failing and
telling me that the path name was too long.  tracing python i saw that
it wasn't event issuing a system call for my bind() request.  eventually
i tracked down the problem to socketmodule.c`getsockaddrarg():

http://svn.python.org/view/python/trunk/Modules/socketmodule.c?view=markup

there we see that getsockaddrarg() checks to verify that the specified
path is less than "sizeof addr->sun_path", where addr is a struct
sockaddr_un.  this seems incorrect to me.

on most systems sockaddr_un.sun_path is defined as a small character
array.  this limit is an ancient bit of unix legacy and most modern
systems do not actually limit domain socket names to a path as short as
sun_path.  on solaris the real limit is MAXPATHLEN, there by allowing
unix domain sockets to be bound to any filesystem path.

the posix specification also says that users of the sockaddr_un 
structure should not make any assumptions about the maximum supported
length of sun_path.

from:
    http://www.opengroup.org/onlinepubs/009695399/basedefs/sys/un.h.html

we have:
    char        sun_path[]    socket pathname
    ...

    The size of sun_path has intentionally been left undefined. This is
    because different implementations use different sizes. For example,
    4.3 BSD uses a size of 108, and 4.4 BSD uses a size of 104. Since
    most implementations originate from BSD versions, the size is
    typically in the range 92 to 108.

    Applications should not assume a particular length for sun_path or
    assume that it can hold {_POSIX_PATH_MAX} characters (255).

hence, it seems to me that python should not actually be doing any size
checks on the path passed to getsockaddrarg().  instead is should
dynamically allocate a sockaddr_un large enough to hold whatever string
was pass in.  this structure can then be passed on to system calls which
can they check if the specified path is of a supported length.  (if you
look at the posix definitions for bind() and connect() you'll see that 
they both can return ENAMETOOLONG if the passed in pathname is too 
large.)

History
Date	User	Action	Args
2010-06-03 01:27:50	Edward.Pilatowicz	set	recipients: + Edward.Pilatowicz
2010-06-03 01:27:50	Edward.Pilatowicz	set	messageid: <1275528470.51.0.813873994417.issue8882@psf.upfronthosting.co.za>
2010-06-03 01:27:47	Edward.Pilatowicz	link	issue8882 messages
2010-06-03 01:27:45	Edward.Pilatowicz	create