File 0001-Fix-a-denial-of-service-bug-by-setting-the... of Package python-PyKMIP

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-Fix-a-denial-of-service-bug-by-setting-the-server-so.patch of Package python-PyKMIP

From 3a202c2b24089c76dba84ad0cc3a0426c684d654 Mon Sep 17 00:00:00 2001
From: Peter Hamilton <peter.allen.hamilton@gmail.com>
Date: Tue, 24 Apr 2018 21:57:20 -0400
Subject: [PATCH 1/1] Fix a denial-of-service bug by setting the server socket
 timeout

This change fixes a potential denial-of-service bug with the
server, setting a default timeout for all server sockets. This
allows the server to drop hung connections without blocking
forever. The interrupt triggered during accept calls is expected
and is now handled appropriately. Server unit tests have been
updated to reflect this change.

Closes #430

(cherry picked from commit 3a7b880bdf70d295ed8af3a5880bab65fa6b3932)
---
 kmip/services/server/server.py                 | 6 ++++++
 kmip/tests/unit/services/server/test_server.py | 6 +++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/kmip/services/server/server.py b/kmip/services/server/server.py
index a54ebdc..be34089 100644
--- a/kmip/services/server/server.py
+++ b/kmip/services/server/server.py
@@ -188,6 +188,7 @@ class KmipServer(object):
         self._logger.info("Starting server socket handler.")
 
         # Create a TCP stream socket and configure it for immediate reuse.
+        socket.setdefaulttimeout(10)
         self._socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         self._socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
 
@@ -295,6 +296,11 @@ class KmipServer(object):
         while self._is_serving:
             try:
                 connection, address = self._socket.accept()
+            except socket.timeout:
+                # Setting the default socket timeout to break hung connections
+                # will cause accept to periodically raise socket.timeout. This
+                # is expected behavior, so ignore it and retry accept.
+                pass
             except socket.error as e:
                 if e.errno == errno.EINTR:
                     self._logger.warning("Interrupting connection service.")
diff --git a/kmip/tests/unit/services/server/test_server.py b/kmip/tests/unit/services/server/test_server.py
index 1c3c9e0..bb520a0 100644
--- a/kmip/tests/unit/services/server/test_server.py
+++ b/kmip/tests/unit/services/server/test_server.py
@@ -361,7 +361,11 @@ class TestKmipServer(testtools.TestCase):
 
         # Test the expected behavior for a normal server/interrupt sequence
         s._socket.accept = mock.MagicMock(
-            side_effect=[('connection', 'address'), expected_error]
+            side_effect=[
+                ('connection', 'address'),
+                socket.timeout,
+                expected_error
+            ]
         )
 
         s.serve()
-- 
2.16.4

Places

File 0001-Fix-a-denial-of-service-bug-by-setting-the-server-so.patch of Package python-PyKMIP

Places