Author Dima.Tisnek
Recipients Dima.Tisnek
Date 2018-12-05.08:41:11
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
socket.socket gained a fileno= kwarg the value of which is not checked if address family and socket type are both provided.

For example, following is accepted:

>>> socket.socket(socket.AF_INET, socket.SOCK_STREAM, fileno=-1234)
>>> socket.socket(socket.AF_INET, socket.SOCK_STREAM, fileno=1234)
>>> socket.socket(socket.AF_INET, socket.SOCK_STREAM, fileno=0.999)

Resulting in a socket object that will fail at runtime.

One of the implications is that it's possible to "steal" file descriptor, i.e. create a socket for an fd that doesn't exist; then some other function/thread happens to create e.g. socket with this specific fd, which can be "unexpectedly" used (or closed or modified, e.g. non-blocking changed) through the first socket object.

Additionally if the shorthand is used, the exception raised in these cases has odd text, at least it was misleading for me.

>>> socket.socket(fileno=get_wrong_fd_from_somewhere())
OSError: [Errno 9] Bad file descriptor: 'family'

I thought that I had a bug whereby a string was passed in instead of an int fd;
Ultimately I had to look in cpython source code to understand what the "family" meant.

I volunteer to submit a patch!
Date User Action Args
2018-12-05 08:41:12Dima.Tisneksetrecipients: + Dima.Tisnek
2018-12-05 08:41:12Dima.Tisneksetmessageid: <>
2018-12-05 08:41:12Dima.Tisneklinkissue35415 messages
2018-12-05 08:41:11Dima.Tisnekcreate