| author | Antoine Pitrou <solipsis@pitrou.net> | 2013-12-28 17:30:51 +0100 | 
|---|---|---|
| committer | Antoine Pitrou <solipsis@pitrou.net> | 2013-12-28 17:30:51 +0100 | 
| commit | e6d2f159fcadd5fc336970110c49bba706b9787e (patch) | |
| tree | b7776304fedf69f6073b393b822dcd3519f2d859 /Lib/ssl.py | |
| parent | c1764dd3506e70d19d1bdda171b7812d416ad92f (diff) | |
| parent | 3e86ba4e321d20931648d110e1be12643cb8ff04 (diff) | |
| download | cpython-git-e6d2f159fcadd5fc336970110c49bba706b9787e.tar.gz | |
Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data.
Diffstat (limited to 'Lib/ssl.py')
| -rw-r--r-- | Lib/ssl.py | 5 | 
1 files changed, 5 insertions, 0 deletions
| diff --git a/Lib/ssl.py b/Lib/ssl.py
index 052a118abb..4408e7b743 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -150,6 +150,7 @@ if sys.platform == "win32":
 from socket import getnameinfo as _getnameinfo
 from socket import SHUT_RDWR as _SHUT_RDWR
 from socket import socket, AF_INET, SOCK_STREAM, create_connection
+from socket import SOL_SOCKET, SO_TYPE
 import base64        # for DER-to-PEM translation
 import traceback
 import errno
@@ -482,6 +483,10 @@ class SSLSocket(socket):
             self.ssl_version = ssl_version
             self.ca_certs = ca_certs
             self.ciphers = ciphers
+        # Can't use sock.type as other flags (such as SOCK_NONBLOCK) get
+        # mixed in.
+        if sock.getsockopt(SOL_SOCKET, SO_TYPE) != SOCK_STREAM:
+            raise NotImplementedError("only stream sockets are supported")
         if server_side and server_hostname:
             raise ValueError("server_hostname can only be specified "
                              "in client mode") |
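Review bot: The new SO_TYPE check in the second hunk dereferences `sock` unconditionally, and it only inspects the socket passed in by the caller. The constructor's signature and the later base-socket setup are outside this hunk, so this is hedged: if `SSLSocket` can still be built with `sock=None` (for example from a type or file descriptor argument), the line raises AttributeError instead of the intended NotImplementedError, and a non-stream socket created on that path would never be tested. Since the purpose of the change is to prevent a silent clear-text fallback, the guard should cover every construction path. One option is to run it on the wrapped object once the base socket is initialised, `if self.getsockopt(SOL_SOCKET, SO_TYPE) != SOCK_STREAM:`, or at least to guard the existing line with `if sock is not None and ...`.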
