author | Antoine Pitrou <solipsis@pitrou.net> | 2013-12-28 16:26:33 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2013-12-28 16:26:33 (GMT) |
commit | 3e86ba4e321d20931648d110e1be12643cb8ff04 (patch) | |
tree | f01df34824605fa2b79dabd905d983ee0d22b44c /Lib/ssl.py | |
parent | ecff5e51a5c65037103c23c937a02184050b7117 (diff) | |
Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data.
Diffstat (limited to 'Lib/ssl.py')
-rw-r--r-- | Lib/ssl.py | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -111,6 +111,7 @@ else:
 from socket import getnameinfo as _getnameinfo
 from socket import error as socket_error
 from socket import socket, AF_INET, SOCK_STREAM, create_connection
+from socket import SOL_SOCKET, SO_TYPE
 import base64 # for DER-to-PEM translation
 import traceback
 import errno
@@ -296,6 +297,10 @@ class SSLSocket(socket):
 self.ssl_version = ssl_version
 self.ca_certs = ca_certs
 self.ciphers = ciphers
+ # Can't use sock.type as other flags (such as SOCK_NONBLOCK) get
+ # mixed in.
+ if sock.getsockopt(SOL_SOCKET, SO_TYPE) != SOCK_STREAM:
+ raise NotImplementedError("only stream sockets are supported")
 if server_side and server_hostname:
 raise ValueError("server_hostname can only be specified "
 "in client mode") |
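Review bot: The new guard in the second hunk calls `sock.getsockopt(SOL_SOCKET, SO_TYPE)` unconditionally, so it assumes `sock` is always a live socket object at this point. The enclosing method's signature and the rest of its body are outside the hunk, so please confirm that `sock` cannot be `None` or already closed here; otherwise the caller gets an `AttributeError` or a socket error instead of the intended `NotImplementedError`. If `None` is a permitted value, `if sock is not None and sock.getsockopt(SOL_SOCKET, SO_TYPE) != SOCK_STREAM:` keeps the rejection in place for every socket that is actually passed in. The added comment explains why `sock.type` is avoided but not why the check exists, so I would put `# Refuse non-stream sockets: wrapping one would let it emit clear text data (issue #19422).` above it so the security reason survives later refactoring.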