Barry A. Warsaw ba...@python.org added the comment:
I do not see this as a security bug so no patch for 2.6 please. (Comment
requested from IRC).
--
nosy: +barry
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue6706
Giampaolo Rodola' g.rod...@gmail.com added the comment:
Fixed in r86084 (2.7) and r86085 (3.1).
--
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
type: behavior - security
versions: +Python 2.7, Python 3.1
___
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue6706
___
Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com added the comment:
CVE-2010-3492 references this issue.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3492
--
___
Python tracker rep...@bugs.python.org
Giampaolo Rodola' g.rod...@gmail.com added the comment:
Python 3.2 changes committed in r85220.
Still have to commit EWOULDBLOCK/ECONNABORTED changes for 3.1 and 2.7.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue6706
Antoine Pitrou pit...@free.fr added the comment:
I'm not an asyncore expert, but I can't see anything wrong with the patch.
--
stage: needs patch - patch review
versions: -Python 2.6, Python 2.7, Python 3.1
___
Python tracker rep...@bugs.python.org
Giampaolo Rodola' g.rod...@gmail.com added the comment:
Patch in attachment adds a handled_accepted() method to dispatcher class as
recommended by Antoine.
--
Added file: http://bugs.python.org/file19104/accept.patch
___
Python tracker
Giampaolo Rodola' g.rod...@gmail.com added the comment:
Patch in attachment makes accept() return None in case no connection takes
place and modifies the doc to make this very clear, also providing an example
on how an asyncore-based server should be properly set-up .
--
versions:
Antoine Pitrou pit...@free.fr added the comment:
EAGAIN can be raised too. I never experienced this error condition
myself in pyftpdlib
From the accept() man page:
EAGAIN or EWOULDBLOCK
The socket is marked nonblocking and no connections are
present to be accepted.
Giampaolo Rodola' g.rod...@gmail.com added the comment:
I'm not convinced hiding operating system bugs is a good idea.
Do you propose to let the error raise then?
The point of frameworks such as asyncore and twisted is to hide all
system-specific errors as much as possible and provide a
Antoine Pitrou pit...@free.fr added the comment:
The point of frameworks such as asyncore and twisted is to hide all
system-specific errors as much as possible and provide a portable
interface across all platforms.
As long as these errors are reasonably explainable.
If a strange error only
Giampaolo Rodola' g.rod...@gmail.com added the comment:
As long as these errors are reasonably explainable.
If a strange error only occurs when running nmap on an OS X server,
then it might be useful for the user to know that the OS X server
isn't able to service all connections properly
Giampaolo Rodola' g.rod...@gmail.com added the comment:
Here's a rewriting attempt (not tested).
Now that I look at it I must say it's quite ugly, so I don't think we should
follow this road.
An alternative I see is to return None in case of errors occurring on accept()
and make this very
Dave Malcolm dmalc...@redhat.com added the comment:
giampaolo: did you ever rewrite the patch?
For reference to other users:
http://code.google.com/p/pyftpdlib/source/browse/trunk/pyftpdlib/ftpserver.py
Note the complexity of the two handle_accept implementations in that file; both
of them
Changes by jan matejek jmate...@suse.cz:
--
nosy: +matejcik
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue6706
___
___
Python-bugs-list mailing
Changes by Santoso Wijaya santa@me.com:
--
nosy: +santa4nt
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue6706
___
___
Python-bugs-list mailing
Giampaolo Rodola' g.rod...@gmail.com added the comment:
Shame on me, it seems I totally forgot to attach the patch.
Unfortunately the patch went lost but I'm going to try to rewrite it.
As for tests, ECONN and EAGAIN error conditions are hardly reproducible unless
you're using nmap.
I'm
Mark Lawrence breamore...@yahoo.co.uk added the comment:
@Giampaolo it looks as if you meant to attach a patch but didn't! :) If you do
attach one could you also supply a modified unit test file with it, thanks.
--
nosy: +BreamoreBoy
stage: - needs patch
type: - behavior
versions:
New submission from Giampaolo Rodola' billiej...@users.sourceforge.net:
An old bad design choice in asyncore is how it forces the user to
override handle_accept() and then call self.accept() to obtain a socket
pair.
def handle_accept(self):
conn, addr = self.accept()
The
19 matches
Mail list logo