diff options
author | Giampaolo RodolĂ <g.rodola@gmail.com> | 2010-08-23 22:28:13 (GMT) |
---|---|---|
committer | Giampaolo RodolĂ <g.rodola@gmail.com> | 2010-08-23 22:28:13 (GMT) |
commit | 9cf5ef4cc0015848ef831db31b19c77e6a4273e0 (patch) | |
tree | bb92322eb87993d17b86899c256203dde82b74d6 | |
parent | bbc4782d77ac76e317182fb2400c6b7e1c305bdd (diff) | |
download | cpython-9cf5ef4cc0015848ef831db31b19c77e6a4273e0.zip cpython-9cf5ef4cc0015848ef831db31b19c77e6a4273e0.tar.gz cpython-9cf5ef4cc0015848ef831db31b19c77e6a4273e0.tar.bz2 |
fix issue 9129: adds proper error handling on accept() when smtpd accepts new incoming connections.
-rwxr-xr-x | Lib/smtpd.py | 25 | ||||
-rw-r--r-- | Misc/NEWS | 3 |
2 files changed, 26 insertions, 2 deletions
diff --git a/Lib/smtpd.py b/Lib/smtpd.py index b408278..179a1b9 100755 --- a/Lib/smtpd.py +++ b/Lib/smtpd.py @@ -121,7 +121,15 @@ class SMTPChannel(asynchat.async_chat): self.rcpttos = [] self.received_data = '' self.fqdn = socket.getfqdn() - self.peer = conn.getpeername() + try: + self.peer = conn.getpeername() + except socket.error as err: + # a race condition may occur if the other end is closing + # before we can get the peername + self.close() + if err.args[0] != errno.ENOTCONN: + raise + return print('Peer:', repr(self.peer), file=DEBUGSTREAM) self.push('220 %s %s' % (self.fqdn, __version__)) self.set_terminator(b'\r\n') @@ -414,7 +422,20 @@ class SMTPServer(asyncore.dispatcher): localaddr, remoteaddr), file=DEBUGSTREAM) def handle_accept(self): - conn, addr = self.accept() + try: + conn, addr = self.accept() + except TypeError: + # sometimes accept() might return None + return + except socket.error as err: + # ECONNABORTED might be thrown + if err.args[0] != errno.ECONNABORTED: + raise + return + else: + # sometimes addr == None instead of (ip, port) + if addr == None: + return print('Incoming connection from %s' % repr(addr), file=DEBUGSTREAM) channel = self.channel_class(self, conn, addr) @@ -123,6 +123,9 @@ Extensions Library ------- +- Issue #9129: smtpd.py is vulnerable to DoS attacks deriving from missing + error handling when accepting a new connection. + - Issue #9601: ftplib now provides a workaround for non-compliant implementations such as IIS shipped with Windows server 2003 returning invalid response codes for MKD and PWD commands. |