Message7726
When creating a ssl socket with ssl.socket(some_sock) the returned object is missing proper recv() and makefile() methods.
If one uses those methods they are taken form the underlying socket.
This leads to unencrypted data being sent over the underlying socket which will be rejected by the remote host with a ssl error.
The data of this error is then returned on rcv() to the caller.
Testcases:
recv():
import socket
import ssl
import time
sock = socket.create_connection(('httpbin.org', 443))
ssl_sock = ssl.wrap_socket(sock)
ssl_sock.write(b"GET /ip HTTP/1.1\r\nHost:httpbin.org\r\n\r\n")
while True:
time.sleep(1)
print(ssl_sock.recv(10000))
makefile():
import httplib
conn = httplib.HTTPSConnection("httpbin.org")
conn.request("GET", "/ip")
r = conn.getresponse()
print(r.read())
The issue with recv() can be fixed by aliasing it to read()
recv = read |
|
Date |
User |
Action |
Args |
2013-02-20 18:46:39 | t-8ch | set | recipients:
+ t-8ch |
2013-02-20 18:46:39 | t-8ch | set | messageid: <1361385999.45.0.0273330958524.issue2016@psf.upfronthosting.co.za> |
2013-02-20 18:46:39 | t-8ch | link | issue2016 messages |
2013-02-20 18:46:39 | t-8ch | create | |
|