Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gh-113280: Always close socket if SSLSocket creation failed #114659

Merged
merged 5 commits into from
Feb 4, 2024
Merged

gh-113280: Always close socket if SSLSocket creation failed #114659

merged 5 commits into from
Feb 4, 2024

Conversation

serhiy-storchaka
Copy link
Member

@serhiy-storchaka serhiy-storchaka commented Jan 27, 2024
edited by bedevere-app bot

@serhiy-storchaka @graingert
pythongh-113280: Always close socket if SSLSocket creation failed
f53fdec 
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
@serhiy-storchaka serhiy-storchaka added needs backport to 3.11 only security fixes needs backport to 3.12 bug and security fixes labels Jan 27, 2024
@bedevere-app bedevere-app bot mentioned this pull request Jan 27, 2024
Closed
@serhiy-storchaka serhiy-storchaka mentioned this pull request Jan 27, 2024
Closed
graingert
graingert reviewed Jan 28, 2024
View reviewed changes
Lib/ssl.py Outdated
Comment on lines 1001 to 1005
self = cls.__new__(cls, **kwargs)
super(SSLSocket, self).__init__(**kwargs)
sock_timeout = sock.gettimeout()
sock.detach()
try:
sock_timeout = sock.gettimeout()
sock.detach()
Copy link
Contributor

@graingert graingert Jan 28, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be better to call sock.gettimeout() and sock.detach() outside the try/catch - as if either of those raise you could get a double close

        sock_timeout = sock.gettimeout()
        kwargs = dict(
            family=sock.family, type=sock.type, proto=sock.proto,
            fileno=sock.detatch()
        )
        self = cls.__new__(cls, **kwargs)
        super(SSLSocket, self).__init__(**kwargs)
        try:
            self._context = context
            ...

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But what if __new__ or __init__ raise?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then they should be responsible for closing the passed in fileno

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They are not. If you pass a fileno, you are responsible (in this case it is the responsibility of sock until detach() is called).

graingert
graingert reviewed Jan 28, 2024
View reviewed changes
Lib/ssl.py Outdated Show resolved Hide resolved
serhiy-storchaka and others added 3 commits January 28, 2024 14:00
@serhiy-storchaka @graingert
Update Lib/ssl.py
1d0cd4e 
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
@serhiy-storchaka
Add some tests.
b5e226d
@serhiy-storchaka
Add more tests.
42aff2c
@serhiy-storchaka
Copy link
Member Author

I added tests, although the original case reported in the issue is not covered by tests. But I added tests for two cases in which an explicit close() was already called and which are now merged with a more general solution. And a new test for incorrect hostname, it emits a resource warning without this fix.

@serhiy-storchaka serhiy-storchaka enabled auto-merge (squash) February 4, 2024 15:20
@serhiy-storchaka serhiy-storchaka merged commit 0ea3662 into python:main Feb 4, 2024
31 checks passed
@miss-islington-app
Copy link

Thanks @serhiy-storchaka for the PR 🌮🎉.. I'm working now to backport this PR to: 3.11, 3.12.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Feb 4, 2024
@serhiy-storchaka @graingert @miss-islington
pythongh-113280: Always close socket if SSLSocket creation failed (py…
191f27a 
…thonGH-114659)

(cherry picked from commit 0ea3662)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
@bedevere-app
Copy link

bedevere-app bot commented Feb 4, 2024

GH-114995 is a backport of this pull request to the 3.12 branch.

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Feb 4, 2024
@serhiy-storchaka @graingert @miss-islington
pythongh-113280: Always close socket if SSLSocket creation failed (py…
b5f651f 
…thonGH-114659)

(cherry picked from commit 0ea3662)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
@bedevere-app bedevere-app bot removed the needs backport to 3.12 bug and security fixes label Feb 4, 2024
@bedevere-app
Copy link

bedevere-app bot commented Feb 4, 2024

GH-114996 is a backport of this pull request to the 3.11 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.11 only security fixes label Feb 4, 2024
serhiy-storchaka added a commit that referenced this pull request Feb 4, 2024
@miss-islington @serhiy-storchaka @graingert
[3.12] gh-113280: Always close socket if SSLSocket creation failed (G…
222ccbc 
…H-114659) (GH-114995)

(cherry picked from commit 0ea3662)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
serhiy-storchaka added a commit that referenced this pull request Feb 4, 2024
@miss-islington @serhiy-storchaka @graingert
[3.11] gh-113280: Always close socket if SSLSocket creation failed (G…
f8cba75 
…H-114659) (GH-114996)

(cherry picked from commit 0ea3662)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
aisk pushed a commit to aisk/cpython that referenced this pull request Feb 11, 2024
@serhiy-storchaka @graingert @aisk
pythongh-113280: Always close socket if SSLSocket creation failed (py…
4723a85 
…thonGH-114659)

Co-authored-by: Thomas Grainger <tagrain@gmail.com>
fsc-eriker pushed a commit to fsc-eriker/cpython that referenced this pull request Feb 14, 2024
@serhiy-storchaka @graingert @fsc-eriker
pythongh-113280: Always close socket if SSLSocket creation failed (py…
d29f8ca 
…thonGH-114659)

Co-authored-by: Thomas Grainger <tagrain@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@graingert graingert graingert left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@serhiy-storchaka @graingert