bpo-36161: Use thread-safe function ttyname_r instead of unsafe one ttyname #14868
Conversation
|
Hi all, I'm a new contributor and I've made a PR taking into account the discussion seen in the issue page. For the For the This is how a raised error would look when passing an invalid salt: |
|
I don't understand the error in the MacOS Builder: I don't understand since they are both unicode, and password is clearly utf-8 and the second argument are two If it were some codec issue wouldn't it fail in other OSes? Likewise for the other added test. |
|
@mangrisano Thanks for the approval. Unfortunately the CI is failing in MacOS. If you can, would you give me any pointers as to the cause of the issue? I truly don't understand it 😞 |
|
Hi @mangrisano, and any others. Just a friendly ping to mention that this is ready to be merged. |
chibby0ne
force-pushed
the
fix-issue-36161
branch
from
46a137a to
21deb92
Compare
|
Hi all, |
chibby0ne
force-pushed
the
fix-issue-36161
branch
from
21deb92 to
94f62fb
Compare
Modules/posixmodule.c
Outdated
| @@ -2712,13 +2712,14 @@ static PyObject * | |||
| os_ttyname_impl(PyObject *module, int fd) | |||
| /*[clinic end generated code: output=c424d2e9d1cd636a input=9ff5a58b08115c55]*/ | |||
| { | |||
| char *ret; | |||
| int ret; | |||
| char buffer[MAXPATHLEN]; | |||
There was a problem hiding this comment.
seems like the right buffer size is actually TTY_NAME_MAX
There was a problem hiding this comment.
Correct. This macro wasn't mentioned in the version of the man pages of my local dev machine (i.e: man ttyname) but after googling this constant, it is indeed mentioned in man limits.h which is imported by Python.h in the base code.
Good catch! Thanks for the recommendation!
Modules/posixmodule.c
Outdated
|
|
||
| ret = ttyname(fd); | ||
| if (ret == NULL) { | ||
| ret = ttyname_r(fd, buffer, MAXPATHLEN); |
|
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase |
Well according to the discussion in: https://bugs.python.org/issue36161, due to the fact that we are now returning the error code set by I have made the requested changes; please review again |
|
Thanks for making the requested changes! @benjaminp: please review the changes made to this pull request. |
While I agree it's technically a breaking change, I think not raising errors from a failed cryptographic function is severely buggy behavior. "Errors should never pass silently."
I think errors should always be propagated from |
Wise aphorism! I agree wholeheartedly.
Yeah it looks like this will be eventually deprecated and removed. I've decided to simply raise the error in accordingly, since it helps the user but also we are not over engineering future deprecated code. |
|
I have made the requested changes; please review again |
|
Thanks for making the requested changes! @benjaminp: please review the changes made to this pull request. |
|
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase |
Modules/posixmodule.c
Outdated
|
|
||
| ret = ttyname(fd); | ||
| if (ret == NULL) { | ||
| #ifndef TTY_NAME_MAX /* MacOS doesn't define this macro */ |
There was a problem hiding this comment.
Huh, maybe it's better to use sysconf(_SC_TTY_NAME_MAX) for portability.
There was a problem hiding this comment.
I wasn't sure about this because I saw the values were quite different between the ones used in OpenBSD and the ones used in Linux, but I agree is the more portable solution
Lib/crypt.py
Outdated
| result = None | ||
| try: | ||
| result = crypt('', salt) | ||
| except OSError: |
There was a problem hiding this comment.
Can you check that the errno of this error is EINVAL?
I think it would also be good to ensure that at least one method works.
There was a problem hiding this comment.
Good thinking! Done! Thanks a lot 👍
| @@ -0,0 +1 @@ | |||
| Use thread-safe functions instead of unsafe ones (crypt, ttyname) | |||
There was a problem hiding this comment.
"Use ttyname_r instead of ttyname and crypt_r instead of crypt for thread safety."
There was a problem hiding this comment.
I forgot to update this, because it was autogenerated from the first commit. Thanks a lot for your review 😉
Modules/posixmodule.c
Outdated
| return posix_error(); | ||
| } | ||
| return PyUnicode_DecodeFSDefault(ret); | ||
| char *buffer = (char *) PyMem_RawMalloc(size); |
There was a problem hiding this comment.
Nit: no space between the cast and the function call.
| int ret = ttyname_r(fd, buffer, size); | ||
| if (ret != 0) { | ||
| errno = ret; | ||
| return posix_error(); |
There was a problem hiding this comment.
This branch now leaks buffer.
There was a problem hiding this comment.
Good catch! Thanks ;)
Modules/posixmodule.c
Outdated
| PyObject *res; | ||
| res = PyUnicode_DecodeFSDefault(buffer); |
There was a problem hiding this comment.
Fold these two lines into one:
PyObject *res = PyUnicode_DecodeFSDefault(buffer);
| @@ -0,0 +1 @@ | |||
| For thread safetyy, use ``ttyname_r(3)`` instead of ``ttyname(3)`` and ``crypt_r(3)`` instead of ``crypt(3)``. | |||
There was a problem hiding this comment.
This is not correct, though, since you're not using crypt_r any more. :P
(I should have seen that last time I looked at the message.)
There was a problem hiding this comment.
In that case will only leave this PR for the ttyname_r, and then create another one for just the error checking of crypt, and will change the news message accordingly.
|
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase |
* Use dynamically-allocated buffer for ttyname_r buffer * In case there is an error with the crypt/crypt_r then raise the error, instead of failing silently. * Check for EINVAL (invalid argument) in errno when adding not supported cryptographic methods, such as Blowfish in the case of glibc, but raise other errors. * Use _SC_TTY_MAX_LENGTH for TTY_NAME_MAX Signed-off-by: Antonio Gutierrez <chibby0ne@gmail.com>
chibby0ne
force-pushed
the
fix-issue-36161
branch
from
c21c775 to
5799801
Compare
|
I have made the requested changes; please review again |
|
Thanks for making the requested changes! @benjaminp: please review the changes made to this pull request. |
|
@benjaminp What do you think I should name the other PR? AFAIK the PR branch should match the name of the issue. Should I name |
chibby0ne
changed the title
|
Hi @benjaminp, the error check for crypt/crypt_r was moved to: #16599 |
|
Thank you for the PR. |
…onGH-14868) Signed-off-by: Antonio Gutierrez <chibby0ne@gmail.com>
PR python#14868 replaced the ttyname() call with ttyname_r(), but the old check remained.
…ython#128503) (cherry picked from commit e08b282) PR python#14868 replaced the ttyname() call with ttyname_r(), but the old check remained.
…#128503) PR python#14868 replaced the ttyname() call with ttyname_r(), but the old check remained.
Signed-off-by: Antonio Gutierrez chibby0ne@gmail.com
https://bugs.python.org/issue36161