8000 extmod/modssl_mbedtls: Reject ioctls that are not supported. · micropython/micropython@20d3a6b · GitHub
[go: up one dir, main page]
Skip to content

Commit 20d3a6b

Browse files
dpgeorgedpgeorge
committed
extmod/modssl_mbedtls: Reject ioctls that are not supported.
An SSL stream can only handle CLOSE and POLL ioctls. Other ones do not make sense, or at least it doesn't make sense to pass the ioctl request directly down to the underlying stream. In particular MP_STREAM_GET_FILENO should not be passed to the underlying stream because the SSL stream is not directly related to a file descriptor, and the SSL stream must handle the polling itself. Signed-off-by: Damien George <damien@micropython.org>
1 parent 218242d commit 20d3a6b

File tree

3 files changed

+41
-0
lines changed

3 files changed

+41
-0
lines changed

extmod/modssl_mbedtls.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -514,6 +514,10 @@ STATIC mp_uint_t socket_ioctl(mp_obj_t o_in, mp_uint_t request, uintptr_t arg, i
514514
}
515515
}
516516
}
517+
} else {
518+
// Unsupported ioctl.
519+
*errcode = MP_EINVAL;
520+
return MP_STREAM_ERROR;
517521
}
518522

519523
// Pass all requests down to the underlying socket

tests/extmod/ssl_ioctl.py

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
# Test SSL ioctl method.
2+
# Direct access to this method is only available if MICROPY_UNIX_COVERAGE is enabled.
3+
4+
try:
5+
import io, ssl
6+
7+
io.BytesIO
8+
except (ImportError, AttributeError):
9+
print("SKIP")
10+
raise SystemExit
11+
12+
_MP_STREAM_POLL = 3
13+
_MP_STREAM_CLOSE = 4
14+
_MP_STREAM_GET_FILENO = 10
15+
16+
s = ssl.wrap_socket(io.BytesIO(), server_side=1, do_handshake=0)
17+
18+
if not hasattr(s, "ioctl"):
19+
print("SKIP")
20+
raise SystemExit
21+
22+
# These ioctl's should be unsupported.
23+
for request in (-1, 0, _MP_STREAM_GET_FILENO):
24+
try:
25+
s.ioctl(request, 0)
26+
except OSError:
27+
print(request, "OSError")
28+
29+
# These ioctl's should be supported.
30+
for request in (_MP_STREAM_CLOSE, _MP_STREAM_POLL, _MP_STREAM_CLOSE):
31+
print(request, s.ioctl(request, 0))

tests/extmod/ssl_ioctl.py.exp

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
-1 OSError
2+
0 OSError
3+
10 OSError
4+
4 0
5+
3 32
6+
4 32

0 commit comments

Comments
 (0)
0