New submission from Dima Tisnek <dim...@gmail.com>:
socket.socket gained a fileno= kwarg the value of which is not checked if address family and socket type are both provided. For example, following is accepted: >>> socket.socket(socket.AF_INET, socket.SOCK_STREAM, fileno=-1234) >>> socket.socket(socket.AF_INET, socket.SOCK_STREAM, fileno=1234) >>> socket.socket(socket.AF_INET, socket.SOCK_STREAM, fileno=0.999) Resulting in a socket object that will fail at runtime. One of the implications is that it's possible to "steal" file descriptor, i.e. create a socket for an fd that doesn't exist; then some other function/thread happens to create e.g. socket with this specific fd, which can be "unexpectedly" used (or closed or modified, e.g. non-blocking changed) through the first socket object. Additionally if the shorthand is used, the exception raised in these cases has odd text, at least it was misleading for me. >>> socket.socket(fileno=get_wrong_fd_from_somewhere()) [snip] OSError: [Errno 9] Bad file descriptor: 'family' I thought that I had a bug whereby a string was passed in instead of an int fd; Ultimately I had to look in cpython source code to understand what the "family" meant. I volunteer to submit a patch! ---------- messages: 331096 nosy: Dima.Tisnek priority: normal severity: normal status: open title: fileno argument to socket.socket is not validated versions: Python 3.8 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue35415> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
