diff options
| -rw-r--r-- | Lib/SimpleXMLRPCServer.py | 12 | ||||
| -rw-r--r-- | Misc/NEWS | 3 |
2 files changed, 14 insertions, 1 deletions
diff --git a/Lib/SimpleXMLRPCServer.py b/Lib/SimpleXMLRPCServer.py index 5e39840..ae06bda 100644 --- a/Lib/SimpleXMLRPCServer.py +++ b/Lib/SimpleXMLRPCServer.py @@ -104,7 +104,7 @@ from xmlrpclib import Fault import SocketServer import BaseHTTPServer import sys -import os +import os, fcntl def resolve_dotted_attribute(obj, attr, allow_dotted_names=True): """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d @@ -465,6 +465,8 @@ class SimpleXMLRPCServer(SocketServer.TCPServer, from SimpleXMLRPCDispatcher to change this behavior. """ + allow_reuse_address = True + def __init__(self, addr, requestHandler=SimpleXMLRPCRequestHandler, logRequests=1): self.logRequests = logRequests @@ -472,6 +474,14 @@ class SimpleXMLRPCServer(SocketServer.TCPServer, SimpleXMLRPCDispatcher.__init__(self) SocketServer.TCPServer.__init__(self, addr, requestHandler) + # [Bug #1222790] If possible, set close-on-exec flag; if a + # method spawns a subprocess, the subprocess shouldn't have + # the listening socket open. + if hasattr(fcntl, 'FD_CLOEXEC'): + flags = fcntl.fcntl(self.fileno(), fcntl.F_GETFD) + flags |= fcntl.FD_CLOEXEC + fcntl.fcntl(self.fileno(), fcntl.F_SETFD, flags) + class CGIXMLRPCRequestHandler(SimpleXMLRPCDispatcher): """Simple handler for XML-RPC data passed through CGI.""" @@ -448,6 +448,9 @@ Library disables recursive traversal through instance attributes, which can be exploited in various ways. +- Bug #1222790: in SimpleXMLRPCServer, set the reuse-address and close-on-exec + flags on the HTTP listening socket. + - Bug #1110478: Revert os.environ.update to do putenv again. - Bug #1103844: fix distutils.install.dump_dirs() with negated options. |