Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / c23484b21f8b62ec7c62a6e2253cf5f656e2ef06^! / .
commitc23484b21f8b62ec7c62a6e2253cf5f656e2ef06[log] [tgz]
authorJesus Cea <jcea@jcea.es>Wed Sep 21 03:47:39 2011 +0200
committerJesus Cea <jcea@jcea.es>Wed Sep 21 03:47:39 2011 +0200
tree6ae29d5fec5ac44b18f218c9de2da19ad4b2d24d
parent4ac5d2cda495b90c7990f9e231553fa2dca9854f [diff]
Close #13022: _multiprocessing.recvfd() doesn't check that file descriptor was actually received

diff --git a/Lib/test/test_multiprocessing.py b/Lib/test/test_multiprocessing.py
index c2a2f19..0e480a9 100644
--- a/Lib/test/test_multiprocessing.py
+++ b/Lib/test/test_multiprocessing.py

@@ -1574,6 +1574,23 @@
         with open(test_support.TESTFN, "rb") as f:
             self.assertEqual(f.read(), b"bar")
 
+    @classmethod
+    def _send_data_without_fd(self, conn):
+        os.write(conn.fileno(), b"\0")
+
+    @unittest.skipIf(sys.platform == "win32", "doesn't make sense on Windows")
+    def test_missing_fd_transfer(self):
+        # Check that exception is raised when received data is not
+        # accompanied by a file descriptor in ancillary data.
+        if self.TYPE != 'processes':
+            self.skipTest("only makes sense with processes")
+        conn, child_conn = self.Pipe(duplex=True)
+
+        p = self.Process(target=self._send_data_without_fd, args=(child_conn,))
+        p.daemon = True
+        p.start()
+        self.assertRaises(RuntimeError, reduction.recv_handle, conn)
+        p.join()
 
 class _TestListenerClient(BaseTestCase):
 

diff --git a/Misc/NEWS b/Misc/NEWS
index 30cde1d..fa4022e 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS

@@ -201,6 +201,9 @@
 Extension Modules
 -----------------
 
+- Issue #13022: Fix: _multiprocessing.recvfd() doesn't check that
+  file descriptor was actually received.
+
 - Issue #12483: ctypes: Fix a crash when the destruction of a callback
   object triggers the garbage collector.
 

diff --git a/Modules/_multiprocessing/multiprocessing.c b/Modules/_multiprocessing/multiprocessing.c
index 7582664..31a8da8 100644
--- a/Modules/_multiprocessing/multiprocessing.c
+++ b/Modules/_multiprocessing/multiprocessing.c

@@ -177,6 +177,17 @@
     if (res < 0)
         return PyErr_SetFromErrno(PyExc_OSError);
 
+    if (msg.msg_controllen < CMSG_LEN(sizeof(int)) ||
+        (cmsg = CMSG_FIRSTHDR(&msg)) == NULL ||
+        cmsg->cmsg_level != SOL_SOCKET ||
+        cmsg->cmsg_type != SCM_RIGHTS ||
+        cmsg->cmsg_len < CMSG_LEN(sizeof(int))) {
+        /* If at least one control message is present, there should be
+           no room for any further data in the buffer. */
+        PyErr_SetString(PyExc_RuntimeError, "No file descriptor received");
+        return NULL;
+    }
+
     fd = * (int *) CMSG_DATA(cmsg);
     return Py_BuildValue("i", fd);
 }