fix issue 9129: adds proper error handling on accept() when smtpd accepts new incoming connections.
diff --git a/Lib/smtpd.py b/Lib/smtpd.py
index b408278..179a1b9 100755
--- a/Lib/smtpd.py
+++ b/Lib/smtpd.py
@@ -121,7 +121,15 @@
self.rcpttos = []
self.received_data = ''
self.fqdn = socket.getfqdn()
- self.peer = conn.getpeername()
+ try:
+ self.peer = conn.getpeername()
+ except socket.error as err:
+ # a race condition may occur if the other end is closing
+ # before we can get the peername
+ self.close()
+ if err.args[0] != errno.ENOTCONN:
+ raise
+ return
print('Peer:', repr(self.peer), file=DEBUGSTREAM)
self.push('220 %s %s' % (self.fqdn, __version__))
self.set_terminator(b'\r\n')
@@ -414,7 +422,20 @@
localaddr, remoteaddr), file=DEBUGSTREAM)
def handle_accept(self):
- conn, addr = self.accept()
+ try:
+ conn, addr = self.accept()
+ except TypeError:
+ # sometimes accept() might return None
+ return
+ except socket.error as err:
+ # ECONNABORTED might be thrown
+ if err.args[0] != errno.ECONNABORTED:
+ raise
+ return
+ else:
+ # sometimes addr == None instead of (ip, port)
+ if addr == None:
+ return
print('Incoming connection from %s' % repr(addr), file=DEBUGSTREAM)
channel = self.channel_class(self, conn, addr)
diff --git a/Misc/NEWS b/Misc/NEWS
index e8dcca2..944df93 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -123,6 +123,9 @@
Library
-------
+- Issue #9129: smtpd.py is vulnerable to DoS attacks deriving from missing
+ error handling when accepting a new connection.
+
- Issue #9601: ftplib now provides a workaround for non-compliant
implementations such as IIS shipped with Windows server 2003 returning invalid
response codes for MKD and PWD commands.