diff options
| -rw-r--r-- | Lib/test/audit-tests.py | 22 | ||||
| -rw-r--r-- | Lib/test/test_audit.py | 12 | ||||
| -rw-r--r-- | Misc/NEWS.d/next/Security/2020-03-30-23-16-25.bpo-40121.p2LIio.rst | 1 | ||||
| -rw-r--r-- | Modules/socketmodule.c | 7 |
4 files changed, 39 insertions, 3 deletions
diff --git a/Lib/test/audit-tests.py b/Lib/test/audit-tests.py index 33f3209..dda52a5 100644 --- a/Lib/test/audit-tests.py +++ b/Lib/test/audit-tests.py @@ -327,6 +327,28 @@ def test_winreg(): CloseKey(kv) +def test_socket(): + import socket + + def hook(event, args): + if event.startswith("socket."): + print(event, *args) + + sys.addaudithook(hook) + + socket.gethostname() + + # Don't care if this fails, we just want the audit message + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + try: + # Don't care if this fails, we just want the audit message + sock.bind(('127.0.0.1', 8080)) + except error: + pass + finally: + sock.close() + + if __name__ == "__main__": from test.libregrtest.setup import suppress_msvcrt_asserts diff --git a/Lib/test/test_audit.py b/Lib/test/test_audit.py index 73dd5c5..f405c69 100644 --- a/Lib/test/test_audit.py +++ b/Lib/test/test_audit.py @@ -118,6 +118,18 @@ class AuditTest(unittest.TestCase): self.assertSequenceEqual(["winreg.EnumKey", " ", f"{expected} 10000"], events[3]) self.assertSequenceEqual(["winreg.PyHKEY.Detach", " ", expected], events[4]) + def test_socket(self): + support.import_module("socket") + returncode, events, stderr = self.run_python("test_socket") + if returncode: + self.fail(stderr) + + if support.verbose: + print(*events, sep='\n') + self.assertEqual(events[0][0], "socket.gethostname") + self.assertEqual(events[1][0], "socket.__new__") + self.assertEqual(events[2][0], "socket.bind") + self.assertTrue(events[2][2].endswith("('127.0.0.1', 8080)")) if __name__ == "__main__": unittest.main() diff --git a/Misc/NEWS.d/next/Security/2020-03-30-23-16-25.bpo-40121.p2LIio.rst b/Misc/NEWS.d/next/Security/2020-03-30-23-16-25.bpo-40121.p2LIio.rst new file mode 100644 index 0000000..5aac6cd --- /dev/null +++ b/Misc/NEWS.d/next/Security/2020-03-30-23-16-25.bpo-40121.p2LIio.rst @@ -0,0 +1 @@ +Fixes audit events raised on creating a new socket. diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c index 2818ac7..b5c241e 100644 --- a/Modules/socketmodule.c +++ b/Modules/socketmodule.c @@ -5099,7 +5099,7 @@ sock_initobj(PyObject *self, PyObject *args, PyObject *kwds) #ifdef MS_WINDOWS /* In this case, we don't use the family, type and proto args */ - if (fdobj != NULL && fdobj != Py_None) + if (fdobj == NULL || fdobj == Py_None) #endif { if (PySys_Audit("socket.__new__", "Oiii", @@ -5121,8 +5121,9 @@ sock_initobj(PyObject *self, PyObject *args, PyObject *kwds) } memcpy(&info, PyBytes_AS_STRING(fdobj), sizeof(info)); - if (PySys_Audit("socket()", "iii", info.iAddressFamily, - info.iSocketType, info.iProtocol) < 0) { + if (PySys_Audit("socket.__new__", "Oiii", s, + info.iAddressFamily, info.iSocketType, + info.iProtocol) < 0) { return -1; } |