New submission from David Watson <bai...@users.sourceforge.net>: The function _multiprocessing.recvfd() calls recvmsg() and expects to receive a file descriptor in an SCM_RIGHTS control message, but doesn't check that such a control message is actually present. So if the sender sends data without an accompanying file descriptor, recvfd() will the return the integer value of the uninitialized CMSG_DATA() buffer.
The attached recvfd-check.diff checks for a complete control message of the correct type, and raises RuntimeError if it isn't there. This matches the behaviour of the proposed pure-Python implementation at issue #12981. The patch includes a test case, but like the other recently-added tests for the function, it isn't guarded against multiprocessing.reduction being unavailable. Issue #12981 has a patch "skip_reduction.diff" (already in 3.3) to fix this, and I'm attaching recvfd-skip-reduction-fix.diff to apply on top of it and guard the new test case as well. ---------- components: Extension Modules files: recvfd-check.diff keywords: patch messages: 144351 nosy: baikie priority: normal severity: normal status: open title: _multiprocessing.recvfd() doesn't check that file descriptor was actually received type: behavior versions: Python 2.7, Python 3.2, Python 3.3 Added file: http://bugs.python.org/file23214/recvfd-check.diff _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue13022> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
