Re: [Python-Dev] Segfault
On Fri, 2007-08-24 at 09:01 -0700, Neal Norwitz wrote: Right. I looked at this with Jeffrey Yasskin and agree that a lock is needed for f_fp. The fix is ugly because it's needed around all accesses to f_fp and there are a ton of them. Some are with the GIL held and others when it isn't. The way I see it, when the GIL is held, we're in the clear because f-f_fp can only disappear with the GIL held. The troublesome cases are those ones where f_fp is accessed inside an allow threads section. To fix this, it shouldn't be necessary to change every individual place that accesses f_fp. It is sufficient to protect the sections that specifically allow threads, changing the semantics from allow threads to allow threads, locking out the ones operating on the same fileobject. For example, instead of Py_BEGIN_ALLOW_THREADS, the fileobject code could use a macro such as: #define PyFile_BEGIN_PROTECT(f) \ PyThread_acquire_lock(f-f_lock, 1); \ if (!f-f_fp) \ ;\ else { #define PyFile_END_PROTECT(f)\ } \ PyThread_release_lock(f-f_lock); That change might be somewhat easier than changing each individual line that accesses f-f_fp. I would be fine with the much simpler approach in the patch I sent (assuming the patch is finished). It doesn't completely address the problem, but does make the race condition much, much smaller. Part of the reason I'm ok with this is that in 3.0, all this code has already been removed. That is a good point. Does your patch make the race crash go away entirely in the tests like the one the OP posted? ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Segfault
Honestly, the argument that this code is already gone in 3.0 is not very valid. 2.x version would be probably used for many years. Cheers, fijal ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Other SSL issues in the tracker have been marked
nope, not on many package based distributions. libssl0.9.8, libssl-dev and openssl are all separate packages (with appropriate dependencies). /usr/bin/openssl comes from the openssl package. Regardless, building a fixed test certificate and checking it in sounds like the better option. Then the openssl command in the test code can be turned into a comment describing how the test data was pregenerated. On 8/27/07, Bill Janssen [EMAIL PROTECTED] wrote: apt-get install openssl will fix that on those systems. on windows you're unlikely to ever have an openssl binary present and available to execute. Well, if you have OpenSSL in the first place, you'll have the binary, won't you? But I agree it's unlikely to be on your path. As for Ubuntu and Debian, I checked the packaging, and they both put the openssl binary in /usr/bin, so it's unlikely to be a path problem. We could just build a fixed certificate and check it in, as the test_socket_ssl test does. That way we wouldn't have to futz with trying to run openssl. Bill ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Other SSL issues in the tracker have been marked
apt-get install openssl will fix that on those systems. on windows you're unlikely to ever have an openssl binary present and available to execute. Well, if you have OpenSSL in the first place, you'll have the binary, won't you? But I agree it's unlikely to be on your path. As for Ubuntu and Debian, I checked the packaging, and they both put the openssl binary in /usr/bin, so it's unlikely to be a path problem. We could just build a fixed certificate and check it in, as the test_socket_ssl test does. That way we wouldn't have to futz with trying to run openssl. Bill ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Other SSL issues in the tracker have been marked
Regardless, building a fixed test certificate and checking it in sounds like the better option. Then the openssl command in the test code can be turned into a comment describing how the test data was pregenerated. Here's a patch that does that. Bill Index: Lib/test/keycert.pem === --- Lib/test/keycert.pem(revision 0) +++ Lib/test/keycert.pem(revision 0) @@ -0,0 +1,32 @@ +-BEGIN RSA PRIVATE KEY- +MIICXwIBAAKBgQC8ddrhm+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9L +opdJhTvbGfEj0DQs1IE8M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVH +fhi/VwovESJlaBOp+WMnfhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQAB +AoGBAK0FZpaKj6WnJZN0RqhhK+ggtBWwBnc0U/ozgKz2j1s3fsShYeiGtW6CK5nU +D1dZ5wzhbGThI7LiOXDvRucc9n7vUgi0alqPQ/PFodPxAN/eEYkmXQ7W2k7zwsDA +IUK0KUhktQbLu8qF/m8qM86ba9y9/9YkXuQbZ3COl5ahTZrhAkEA301P08RKv3KM +oXnGU2UHTuJ1MAD2hOrPxjD4/wxA/39EWG9bZczbJyggB4RHu0I3NOSFjAm3HQm0 +ANOu5QK9owJBANgOeLfNNcF4pp+UikRFqxk5hULqRAWzVxVrWe85FlPm0VVmHbb/ +loif7mqjU8o1jTd/LM7RD9f2usZyE2psaw8CQQCNLhkpX3KO5kKJmS9N7JMZSc4j +oog58yeYO8BBqKKzpug0LXuQultYv2K4veaIO04iL9VLe5z9S/Q1jaCHBBuXAkEA +z8gjGoi1AOp6PBBLZNsncCvcV/0aC+1se4HxTNo2+duKSDnbq+ljqOM+E7odU+Nq +ewvIWOG//e8fssd0mq3HywJBAJ8l/c8GVmrpFTx8r/nZ2Pyyjt3dH1widooDXYSV +q6Gbf41Llo5sYAtmxdndTLASuHKecacTgZVhy0FryZpLKrU= +-END RSA PRIVATE KEY- +-BEGIN CERTIFICATE- +MIICpzCCAhCgAwIBAgIJAP+qStv1cIGNMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD +VQQGEwJVUzERMA8GA1UECBMIRGVsYXdhcmUxEzARBgNVBAcTCldpbG1pbmd0b24x +IzAhBgNVBAoTGlB5dGhvbiBTb2Z0d2FyZSBGb3VuZGF0aW9uMQwwCgYDVQQLEwNT +U0wxHzAdBgNVBAMTFnNvbWVtYWNoaW5lLnB5dGhvbi5vcmcwHhcNMDcwODI3MTY1 +NDUwWhcNMTMwMjE2MTY1NDUwWjCBiTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCERl +bGF3YXJlMRMwEQYDVQQHEwpXaWxtaW5ndG9uMSMwIQYDVQQKExpQeXRob24gU29m +dHdhcmUgRm91bmRhdGlvbjEMMAoGA1UECxMDU1NMMR8wHQYDVQQDExZzb21lbWFj +aGluZS5weXRob24ub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ddrh +m+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9LopdJhTvbGfEj0DQs1IE8 +M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVHfhi/VwovESJlaBOp+WMn +fhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQABoxUwEzARBglghkgBhvhC +AQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADgYEAF4Q5BVqmCOLv1n8je/Jw9K669VXb +08hyGzQhkemEBYQd6fzQ9A/1ZzHkJKb1P6yreOLSEh4KcxYPyrLRC1ll8nr5OlCx +CMhKkTnR6qBsdNV0XtdU2+N25hqW+Ma4ZeqsN/iiJVCGNOZGnvQuvCAGWF8+J/f/ +iHkC6gGdBJhogs4= +-END CERTIFICATE- Index: Lib/test/test_ssl.py === --- Lib/test/test_ssl.py(revision 57559) +++ Lib/test/test_ssl.py(working copy) @@ -22,7 +22,6 @@ skip_expected = True CERTFILE = None -GMAIL_POP_CERTFILE = None def handle_error(prefix): @@ -298,12 +297,15 @@ nsCertType = server -def create_cert_files(): +def create_cert_files(hostname=None): +This is the routine that was run to create the certificate +and private key contained in keycert.pem. + import tempfile, socket, os d = tempfile.mkdtemp() # now create a configuration file for the CA signing cert -fqdn = socket.getfqdn() +fqdn = hostname or socket.getfqdn() crtfile = os.path.join(d, cert.pem) conffile = os.path.join(d, ca.conf) fp = open(conffile, w) @@ -316,7 +318,7 @@ }) fp.close() error = os.system( -openssl req -batch -new -x509 -days 10 -nodes -config %s +openssl req -batch -new -x509 -days 2000 -nodes -config %s -keyout \%s\ -out \%s\ /dev/null /dev/null 21 % (conffile, crtfile, crtfile)) # now we have a self-signed server cert in crtfile @@ -324,7 +326,8 @@ if (os.WEXITSTATUS(error) or not os.path.exists(crtfile) or os.path.getsize(crtfile) == 0): if test_support.verbose: -sys.stdout.write(Unable to create certificate for test %d\n % error) +sys.stdout.write(Unable to create certificate for test, + + error status %d\n % (error 8)) crtfile = None elif test_support.verbose: sys.stdout.write(open(crtfile, 'r').read() + '\n') @@ -336,7 +339,8 @@ raise test_support.TestSkipped(socket module has no ssl support) global CERTFILE -tdir, CERTFILE = create_cert_files() +CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, +keycert.pem) if not CERTFILE: sys.__stdout__.write(Skipping test_ssl ConnectedTests; couldn't create a certificate.\n) @@ -362,8 +366,6 @@ # wait for it to stop server.join() -if tdir and os.path.isdir(tdir): -shutil.rmtree(tdir) test_support.threading_cleanup(*thread_info) if __name__ == __main__: ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Other SSL issues in the tracker have been marked
Committed revision 57561. On 8/27/07, Bill Janssen [EMAIL PROTECTED] wrote: Regardless, building a fixed test certificate and checking it in sounds like the better option. Then the openssl command in the test code can be turned into a comment describing how the test data was pregenerated. Here's a patch that does that. Bill Index: Lib/test/keycert.pem === --- Lib/test/keycert.pem(revision 0) +++ Lib/test/keycert.pem(revision 0) @@ -0,0 +1,32 @@ +-BEGIN RSA PRIVATE KEY- +MIICXwIBAAKBgQC8ddrhm+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9L +opdJhTvbGfEj0DQs1IE8M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVH +fhi/VwovESJlaBOp+WMnfhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQAB +AoGBAK0FZpaKj6WnJZN0RqhhK+ggtBWwBnc0U/ozgKz2j1s3fsShYeiGtW6CK5nU +D1dZ5wzhbGThI7LiOXDvRucc9n7vUgi0alqPQ/PFodPxAN/eEYkmXQ7W2k7zwsDA +IUK0KUhktQbLu8qF/m8qM86ba9y9/9YkXuQbZ3COl5ahTZrhAkEA301P08RKv3KM +oXnGU2UHTuJ1MAD2hOrPxjD4/wxA/39EWG9bZczbJyggB4RHu0I3NOSFjAm3HQm0 +ANOu5QK9owJBANgOeLfNNcF4pp+UikRFqxk5hULqRAWzVxVrWe85FlPm0VVmHbb/ +loif7mqjU8o1jTd/LM7RD9f2usZyE2psaw8CQQCNLhkpX3KO5kKJmS9N7JMZSc4j +oog58yeYO8BBqKKzpug0LXuQultYv2K4veaIO04iL9VLe5z9S/Q1jaCHBBuXAkEA +z8gjGoi1AOp6PBBLZNsncCvcV/0aC+1se4HxTNo2+duKSDnbq+ljqOM+E7odU+Nq +ewvIWOG//e8fssd0mq3HywJBAJ8l/c8GVmrpFTx8r/nZ2Pyyjt3dH1widooDXYSV +q6Gbf41Llo5sYAtmxdndTLASuHKecacTgZVhy0FryZpLKrU= +-END RSA PRIVATE KEY- +-BEGIN CERTIFICATE- +MIICpzCCAhCgAwIBAgIJAP+qStv1cIGNMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD +VQQGEwJVUzERMA8GA1UECBMIRGVsYXdhcmUxEzARBgNVBAcTCldpbG1pbmd0b24x +IzAhBgNVBAoTGlB5dGhvbiBTb2Z0d2FyZSBGb3VuZGF0aW9uMQwwCgYDVQQLEwNT +U0wxHzAdBgNVBAMTFnNvbWVtYWNoaW5lLnB5dGhvbi5vcmcwHhcNMDcwODI3MTY1 +NDUwWhcNMTMwMjE2MTY1NDUwWjCBiTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCERl +bGF3YXJlMRMwEQYDVQQHEwpXaWxtaW5ndG9uMSMwIQYDVQQKExpQeXRob24gU29m +dHdhcmUgRm91bmRhdGlvbjEMMAoGA1UECxMDU1NMMR8wHQYDVQQDExZzb21lbWFj +aGluZS5weXRob24ub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ddrh +m+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9LopdJhTvbGfEj0DQs1IE8 +M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVHfhi/VwovESJlaBOp+WMn +fhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQABoxUwEzARBglghkgBhvhC +AQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADgYEAF4Q5BVqmCOLv1n8je/Jw9K669VXb +08hyGzQhkemEBYQd6fzQ9A/1ZzHkJKb1P6yreOLSEh4KcxYPyrLRC1ll8nr5OlCx +CMhKkTnR6qBsdNV0XtdU2+N25hqW+Ma4ZeqsN/iiJVCGNOZGnvQuvCAGWF8+J/f/ +iHkC6gGdBJhogs4= +-END CERTIFICATE- Index: Lib/test/test_ssl.py === --- Lib/test/test_ssl.py(revision 57559) +++ Lib/test/test_ssl.py(working copy) @@ -22,7 +22,6 @@ skip_expected = True CERTFILE = None -GMAIL_POP_CERTFILE = None def handle_error(prefix): @@ -298,12 +297,15 @@ nsCertType = server -def create_cert_files(): +def create_cert_files(hostname=None): +This is the routine that was run to create the certificate +and private key contained in keycert.pem. + import tempfile, socket, os d = tempfile.mkdtemp() # now create a configuration file for the CA signing cert -fqdn = socket.getfqdn() +fqdn = hostname or socket.getfqdn() crtfile = os.path.join(d, cert.pem) conffile = os.path.join(d, ca.conf) fp = open(conffile, w) @@ -316,7 +318,7 @@ }) fp.close() error = os.system( -openssl req -batch -new -x509 -days 10 -nodes -config %s +openssl req -batch -new -x509 -days 2000 -nodes -config %s -keyout \%s\ -out \%s\ /dev/null /dev/null 21 % (conffile, crtfile, crtfile)) # now we have a self-signed server cert in crtfile @@ -324,7 +326,8 @@ if (os.WEXITSTATUS(error) or not os.path.exists(crtfile) or os.path.getsize(crtfile) == 0): if test_support.verbose: -sys.stdout.write(Unable to create certificate for test %d\n % error) +sys.stdout.write(Unable to create certificate for test, + + error status %d\n % (error 8)) crtfile = None elif test_support.verbose: sys.stdout.write(open(crtfile, 'r').read() + '\n') @@ -336,7 +339,8 @@ raise test_support.TestSkipped(socket module has no ssl support) global CERTFILE -tdir, CERTFILE = create_cert_files() +CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, +keycert.pem) if not CERTFILE: sys.__stdout__.write(Skipping test_ssl ConnectedTests; couldn't create a certificate.\n) @@ -362,8 +366,6 @@ # wait for it to stop server.join() -if tdir and os.path.isdir(tdir): -shutil.rmtree(tdir) test_support.threading_cleanup(*thread_info) if __name__ == __main__: -- --Guido van Rossum (home page: http://www.python.org/~guido/)
Re: [Python-Dev] tarfile and directory traversal vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin v. Löwis wrote: I must admit I fail to see the bug. If root untars a file, and that tar file contains an instruction to overwrite /etc/passwd, why is an error to execute that instruction? Shouldn't root just be more careful when untaring files? GNU tar is not supposed to place files outside its working directory, unless explicitly specified otherwise. So this is considered a security vulnerability. AFAIK there is no specified behavior and other tars might act differently. But i think GNU tar behaves correctly in this regard. Furthermore, extract() and extractall() documentation says Extract (...) from the archive to the *current working directory* or directory [path]. So current behavior is actually inconsistent with the documentation. if tarinfo.name.startswith('../'): self.extract(tarinfo, path) else: warnings.warn(non-local file skipped: %s % tarinfo.name, RuntimeWarning, stacklevel=1) Ok. You seem to be claiming that the tarfile is incorrect in some sense. Can you please point to some spec that says this is an incorrect tarfile? No, the tar file itself is correct, according to POSIX. You can put anything into a tar. Point is, you should be able to untar any file 'safely'. In any case, if you fix what you consider broken, you should do it exactly the same way as GNU tar does it (assuming you consider GNU tar fixed). I can do that. I would propose an optional parameter for extract() and extractall(), absolutePaths, defaulting to False. When encountering a non-local file, it would strip the leading slash or the path up to the last '../' sequence (that is what GNU tar does) and extract the file locally. Setting absolutePaths to True would restore current behavior (no checks). regards, jan matejek -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFG0wtkjBrWA+AvBr8RAmmnAKCtpYYoFZYaNwba2WW11NtRuCyqhwCePkFw 9M2pKHtu0O62fAYfb8NTm3A= =yfVK -END PGP SIGNATURE- ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] tarfile and directory traversal vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lars Gustäbel wrote: Suppose we have: foo - /etc foo/passwd If creation of the foo symlink is delayed, foo/passwd will be extracted in a directory foo which will be created implicitly. If we create the foo symlink afterwards it will fail because foo already exists. The best way would be to completely ignore members and link targets that are absolute or outside the archive's scope. GNU tar doesn't descend into symlinked directories when extracting, such archive fails anyway: # tar xvf foo.tar foo foo/passwd tar: foo/passwd: Cannot open: Not a directory tar: Error exit delayed from previous errors I think that is the simplest solution, but i'm not sure how to best implement that in extractall(). -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFG0wyUjBrWA+AvBr8RAjkJAKCJS+hkV1HYL9egOsyeTE5vj44r5ACeNmt7 HquYw+ON+5qVNoC778OtQRE= =9Kx/ -END PGP SIGNATURE- ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Other SSL issues in the tracker have been marked
Some of the code sets the error string in this directly before returning NULL, and other pieces of the code call PySSL_SetError, which creates the error string. I think some of the places which set the string directly probably shouldn't; instead, they should call PySSL_SetError to cons up the error name directly from the err code. However, PySSL_SetError only works after the construction of an ssl object, which means it can't be used there... I'll take a longer look at it and see if there's a reasonable fix. Here's a patch which addresses this. It also fixes the indentation in PySSL_SetError, bringing it into line with PEP 7, fixes a compile warning about one of the OpenSSL macros, and makes the namespace a bit more consistent. I've tested it on FC 7 and OS X 10.4. % ./python ./Lib/test/regrtest.py -R :1: -u all test_ssl test_ssl beginning 6 repetitions 123456 .. 1 test OK. [29244 refs] % Bill Index: Modules/_ssl.c === --- Modules/_ssl.c (revision 57564) +++ Modules/_ssl.c (working copy) @@ -122,71 +122,74 @@ char buf[2048]; char *errstr; int err; - enum py_ssl_error p; + enum py_ssl_error p = PY_SSL_ERROR_NONE; assert(ret = 0); - err = SSL_get_error(obj-ssl, ret); + if ((obj != NULL) (obj-ssl != NULL)) { + err = SSL_get_error(obj-ssl, ret); - switch (err) { - case SSL_ERROR_ZERO_RETURN: - errstr = TLS/SSL connection has been closed; - p = PY_SSL_ERROR_ZERO_RETURN; - break; - case SSL_ERROR_WANT_READ: - errstr = The operation did not complete (read); - p = PY_SSL_ERROR_WANT_READ; - break; - case SSL_ERROR_WANT_WRITE: - p = PY_SSL_ERROR_WANT_WRITE; - errstr = The operation did not complete (write); - break; - case SSL_ERROR_WANT_X509_LOOKUP: - p = PY_SSL_ERROR_WANT_X509_LOOKUP; - errstr = The operation did not complete (X509 lookup); - break; - case SSL_ERROR_WANT_CONNECT: - p = PY_SSL_ERROR_WANT_CONNECT; - errstr = The operation did not complete (connect); - break; - case SSL_ERROR_SYSCALL: - { - unsigned long e = ERR_get_error(); - if (e == 0) { - if (ret == 0 || !obj-Socket) { - p = PY_SSL_ERROR_EOF; - errstr = EOF occurred in violation of protocol; - } else if (ret == -1) { - /* the underlying BIO reported an I/O error */ - return obj-Socket-errorhandler(); - } else { /* possible? */ + switch (err) { + case SSL_ERROR_ZERO_RETURN: + errstr = TLS/SSL connection has been closed; + p = PY_SSL_ERROR_ZERO_RETURN; + break; + case SSL_ERROR_WANT_READ: + errstr = The operation did not complete (read); + p = PY_SSL_ERROR_WANT_READ; + break; + case SSL_ERROR_WANT_WRITE: + p = PY_SSL_ERROR_WANT_WRITE; + errstr = The operation did not complete (write); + break; + case SSL_ERROR_WANT_X509_LOOKUP: + p = PY_SSL_ERROR_WANT_X509_LOOKUP; + errstr = The operation did not complete (X509 lookup); + break; + case SSL_ERROR_WANT_CONNECT: + p = PY_SSL_ERROR_WANT_CONNECT; + errstr = The operation did not complete (connect); + break; + case SSL_ERROR_SYSCALL: + { + unsigned long e = ERR_get_error(); + if (e == 0) { + if (ret == 0 || !obj-Socket) { + p = PY_SSL_ERROR_EOF; + errstr = EOF occurred in violation of protocol; + } else if (ret == -1) { + /* the underlying BIO reported an I/O error */ + return obj-Socket-errorhandler(); + } else { /* possible? */ + p = PY_SSL_ERROR_SYSCALL; + errstr = Some I/O error occurred; + } + } else { p = PY_SSL_ERROR_SYSCALL; - errstr = Some I/O error occurred; + /* XXX Protected by global interpreter lock */ +
Re: [Python-Dev] Other SSL issues in the tracker have been marked
Committed revision 57568. Anything else I can check in for you? On 8/27/07, Bill Janssen [EMAIL PROTECTED] wrote: Some of the code sets the error string in this directly before returning NULL, and other pieces of the code call PySSL_SetError, which creates the error string. I think some of the places which set the string directly probably shouldn't; instead, they should call PySSL_SetError to cons up the error name directly from the err code. However, PySSL_SetError only works after the construction of an ssl object, which means it can't be used there... I'll take a longer look at it and see if there's a reasonable fix. Here's a patch which addresses this. It also fixes the indentation in PySSL_SetError, bringing it into line with PEP 7, fixes a compile warning about one of the OpenSSL macros, and makes the namespace a bit more consistent. I've tested it on FC 7 and OS X 10.4. % ./python ./Lib/test/regrtest.py -R :1: -u all test_ssl test_ssl beginning 6 repetitions 123456 .. 1 test OK. [29244 refs] % Bill Index: Modules/_ssl.c === --- Modules/_ssl.c (revision 57564) +++ Modules/_ssl.c (working copy) @@ -122,71 +122,74 @@ char buf[2048]; char *errstr; int err; - enum py_ssl_error p; + enum py_ssl_error p = PY_SSL_ERROR_NONE; assert(ret = 0); - err = SSL_get_error(obj-ssl, ret); + if ((obj != NULL) (obj-ssl != NULL)) { + err = SSL_get_error(obj-ssl, ret); - switch (err) { - case SSL_ERROR_ZERO_RETURN: - errstr = TLS/SSL connection has been closed; - p = PY_SSL_ERROR_ZERO_RETURN; - break; - case SSL_ERROR_WANT_READ: - errstr = The operation did not complete (read); - p = PY_SSL_ERROR_WANT_READ; - break; - case SSL_ERROR_WANT_WRITE: - p = PY_SSL_ERROR_WANT_WRITE; - errstr = The operation did not complete (write); - break; - case SSL_ERROR_WANT_X509_LOOKUP: - p = PY_SSL_ERROR_WANT_X509_LOOKUP; - errstr = The operation did not complete (X509 lookup); - break; - case SSL_ERROR_WANT_CONNECT: - p = PY_SSL_ERROR_WANT_CONNECT; - errstr = The operation did not complete (connect); - break; - case SSL_ERROR_SYSCALL: - { - unsigned long e = ERR_get_error(); - if (e == 0) { - if (ret == 0 || !obj-Socket) { - p = PY_SSL_ERROR_EOF; - errstr = EOF occurred in violation of protocol; - } else if (ret == -1) { - /* the underlying BIO reported an I/O error */ - return obj-Socket-errorhandler(); - } else { /* possible? */ + switch (err) { + case SSL_ERROR_ZERO_RETURN: + errstr = TLS/SSL connection has been closed; + p = PY_SSL_ERROR_ZERO_RETURN; + break; + case SSL_ERROR_WANT_READ: + errstr = The operation did not complete (read); + p = PY_SSL_ERROR_WANT_READ; + break; + case SSL_ERROR_WANT_WRITE: + p = PY_SSL_ERROR_WANT_WRITE; + errstr = The operation did not complete (write); + break; + case SSL_ERROR_WANT_X509_LOOKUP: + p = PY_SSL_ERROR_WANT_X509_LOOKUP; + errstr = The operation did not complete (X509 lookup); + break; + case SSL_ERROR_WANT_CONNECT: + p = PY_SSL_ERROR_WANT_CONNECT; + errstr = The operation did not complete (connect); + break; + case SSL_ERROR_SYSCALL: + { + unsigned long e = ERR_get_error(); + if (e == 0) { + if (ret == 0 || !obj-Socket) { + p = PY_SSL_ERROR_EOF; + errstr = EOF occurred in violation of protocol; + } else if (ret == -1) { + /* the underlying BIO reported an I/O error */ + return obj-Socket-errorhandler(); + } else { /* possible? */ + p = PY_SSL_ERROR_SYSCALL; + errstr = Some I/O error occurred; + } + } else {
Re: [Python-Dev] Other SSL issues in the tracker have been marked
Anything else I can check in for you? Ho, ho! No, I'm done for now. I think everything is working; let's see what the buildbots say. I've got to do some job work now, and I promised Barry I'd help with the email work, but I'll get back to this with a port to the Py3K branch. I'd also like to expand the test_ssl suite to cover more edge cases, particularly failure modes. Maybe I'll do that first. Actually... if you're in a check-in mood, there is the documentation patch (issue 1024), which explains about certificates... Bill ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] tarfile and directory traversal vulnerability
On Mon, Aug 27, 2007 at 07:40:36PM +0200, Jan Matejek wrote: Lars Gustäbel wrote: Suppose we have: foo - /etc foo/passwd If creation of the foo symlink is delayed, foo/passwd will be extracted in a directory foo which will be created implicitly. If we create the foo symlink afterwards it will fail because foo already exists. The best way would be to completely ignore members and link targets that are absolute or outside the archive's scope. GNU tar doesn't descend into symlinked directories when extracting, such archive fails anyway: # tar xvf foo.tar foo foo/passwd tar: foo/passwd: Cannot open: Not a directory tar: Error exit delayed from previous errors I think that is the simplest solution, but i'm not sure how to best implement that in extractall(). GNU tar creates a placeholder file for every hard or symbolic link during the extract process and in a second step replaces them with links. I don't think that this is a good choice for a library. The problem is that it leads to delayed and (from the user's POV) unrelated errors. I prefer the solution that archive members with pathnames that either start with a / or a ../ raise an exception by default and can be extracted only by direct request. I am currently working on a patch. Should we move this discussion over to the bugtracker? -- Lars Gustäbel [EMAIL PROTECTED] Linux is like a wigwam - no Gates, no Windows, Apache inside. ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] next steps in SSL work
I think the next steps to take are as follows, in order: 1) Generate a patch to the trunk to remove all use of socket.ssl in library modules (and elsewhere except for test/test_socket_ssl.py), and switch them to use the ssl module. This would affect httplib, imaplib, poplib, smtplib, urllib, and xmlrpclib. This patch should also deprecate the use of socket.ssl, and particularly the server and issuer methods on it, which can return bad data. I don't know how to deprecate something... Pointers? 2) Expand the test suite to exhaustively test edge cases, particularly things like invalid protocol ids, bad cert files, bad key files, etc. 3) Take the threaded server example in test/test_ssl.py, clean it up, and add it to the Demos directory (maybe it should be a HOWTO?). 4) Generate a patch for the Py3K branch. This patch would remove the ssl function from the socket module, and would also remove the server and issuer methods on the SSL context. The ssl.sslsocket class would be renamed to SSLSocket (PEP 8), and would inherit from socket.socket and io.RawIOBase. The current improvements to the Modules/_ssl.c file would be folded in. The patch would also fix all uses of socket.ssl in the other library modules. 5) Generate a package for older Pythons (2.3-2.5). This would install the ssl module, plus the improved version of _ssl.c. Needs more design. Bill ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com