-
-
Notifications
You must be signed in to change notification settings - Fork 30.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pure-Python implementation of socket.socketpair() doesn't authenticate connected socket #122133
Labels
Comments
sethmlarson
added
type-bug
An unexpected behavior, bug, or error
type-security
A security issue
labels
Jul 22, 2024
gpshead
added a commit
that referenced
this issue
Jul 29, 2024
…allback (GH-122134) * Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 29, 2024
…r()` fallback (pythonGH-122134) * Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). (cherry picked from commit 78df104) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 29, 2024
…r()` fallback (pythonGH-122134) * Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). (cherry picked from commit 78df104) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 29, 2024
…r()` fallback (pythonGH-122134) * Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). (cherry picked from commit 78df104) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 29, 2024
…r()` fallback (pythonGH-122134) * Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). (cherry picked from commit 78df104) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 29, 2024
…r()` fallback (pythonGH-122134) * Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). (cherry picked from commit 78df104) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 29, 2024
…r()` fallback (pythonGH-122134) * Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). (cherry picked from commit 78df104) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
gpshead
added a commit
that referenced
this issue
Jul 29, 2024
…ir()` fallback (GH-122134) (GH-122425) Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). (cherry picked from commit 78df104) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
gpshead
added a commit
that referenced
this issue
Jul 30, 2024
…ir()` fallback (GH-122134) (GH-122424) Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). (cherry picked from commit 78df104) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
ambv
pushed a commit
that referenced
this issue
Jul 30, 2024
…ir()` fallback (GH-122134) (#122426) Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). (cherry picked from commit 78df104) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
ambv
pushed a commit
that referenced
this issue
Jul 30, 2024
…ir()` fallback (GH-122134) (#122427) Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). (cherry picked from commit 78df104) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
ambv
pushed a commit
that referenced
this issue
Jul 30, 2024
…r()` fallback (GH-122134) (#122428) Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). (cherry picked from commit 78df104) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
ambv
added a commit
that referenced
this issue
Jul 30, 2024
…r()` fallback (GH-122134) (GH-122429) Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). (cherry picked from commit 78df104) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Yhg1s
pushed a commit
that referenced
this issue
Jul 31, 2024
…lib.reload. (#122493) Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 31, 2024
…importlib.reload. (pythonGH-122493) (cherry picked from commit f071f01) Co-authored-by: Russell Keith-Magee <russell@keith-magee.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 31, 2024
…importlib.reload. (pythonGH-122493) (cherry picked from commit f071f01) Co-authored-by: Russell Keith-Magee <russell@keith-magee.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 31, 2024
…importlib.reload. (pythonGH-122493) (cherry picked from commit f071f01) Co-authored-by: Russell Keith-Magee <russell@keith-magee.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 31, 2024
…importlib.reload. (pythonGH-122493) (cherry picked from commit f071f01) Co-authored-by: Russell Keith-Magee <russell@keith-magee.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 31, 2024
…importlib.reload. (pythonGH-122493) (cherry picked from commit f071f01) Co-authored-by: Russell Keith-Magee <russell@keith-magee.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Jul 31, 2024
…importlib.reload. (pythonGH-122493) (cherry picked from commit f071f01) Co-authored-by: Russell Keith-Magee <russell@keith-magee.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
ambv
pushed a commit
that referenced
this issue
Aug 2, 2024
ambv
pushed a commit
that referenced
this issue
Aug 2, 2024
ambv
pushed a commit
that referenced
this issue
Aug 2, 2024
ambv
pushed a commit
that referenced
this issue
Aug 2, 2024
Only for (easier) tracking purposes (because searching for this CVE doesn't yield any results in this repo), it seems CVE-2024-3219 is now linked to this issue: |
blhsing
pushed a commit
to blhsing/cpython
that referenced
this issue
Aug 22, 2024
…importlib.reload. (python#122493) Co-authored-by: Gregory P. Smith <greg@krypto.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug report
Bug description:
socket.socketpair()
has a fall-back implementation on platforms that don't supportsocket.AF_UNIX
which uses AF_INET[6] sockets bound to localhost. This connection is expected to come from the same process.CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux, Windows
Linked PRs
socket.socketpair()
fallback #122134socket.socketpair()
fallback (GH-122134) #122424socket.socketpair()
fallback (GH-122134) #122425socket.socketpair()
fallback (GH-122134) #122426socket.socketpair()
fallback (GH-122134) #122427socket.socketpair()
fallback (GH-122134) #122428socket.socketpair()
fallback (GH-122134) #122429The text was updated successfully, but these errors were encountered: