Message7726

Author t-8ch
Recipients t-8ch
Date 2013-02-20.18:46:39
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1361385999.45.0.0273330958524.issue2016@psf.upfronthosting.co.za>
In-reply-to
Content
When creating a ssl socket with ssl.socket(some_sock) the returned object is missing proper recv() and makefile() methods.

If one uses those methods they are taken form the underlying socket.
This leads to unencrypted data being sent over the underlying socket which will be rejected by the remote host with a ssl error.
The data of this error is then returned on rcv() to the caller.

Testcases:

recv():

import socket
import ssl
import time

sock = socket.create_connection(('httpbin.org', 443))
ssl_sock = ssl.wrap_socket(sock)
ssl_sock.write(b"GET /ip HTTP/1.1\r\nHost:httpbin.org\r\n\r\n")
while True:
    time.sleep(1)
    print(ssl_sock.recv(10000))

makefile():

import httplib
conn = httplib.HTTPSConnection("httpbin.org")
conn.request("GET", "/ip")
r = conn.getresponse()

print(r.read())


The issue with recv() can be fixed by aliasing it to read()

recv = read
History
Date User Action Args
2013-02-20 18:46:39t-8chsetrecipients: + t-8ch
2013-02-20 18:46:39t-8chsetmessageid: <1361385999.45.0.0273330958524.issue2016@psf.upfronthosting.co.za>
2013-02-20 18:46:39t-8chlinkissue2016 messages
2013-02-20 18:46:39t-8chcreate