authorDamien George <damien@micropython.org>2023-08-09 13:17:04 +1000
committerDamien George <damien@micropython.org>2023-08-09 13:22:32 +1000
commit20d3a6b1964705596d690182956f56b4f7678041 (patch)
tree548237e1ba98e51356e2503602d4019939818600
parent218242d1de781124307be8720a7a9d2f373ca46b (diff)
extmod/modssl_mbedtls: Reject ioctls that are not supported.
An SSL stream can only handle CLOSE and POLL ioctls. Other ones do not make sense, or at least it doesn't make sense to pass the ioctl request directly down to the underlying stream. In particular MP_STREAM_GET_FILENO should not be passed to the underlying stream because the SSL stream is not directly related to a file descriptor, and the SSL stream must handle the polling itself. Signed-off-by: Damien George <damien@micropython.org>
-rw-r--r--extmod/modssl_mbedtls.c4
-rw-r--r--tests/extmod/ssl_ioctl.py31
-rw-r--r--tests/extmod/ssl_ioctl.py.exp6
3 files changed, 41 insertions, 0 deletions
diff --git a/extmod/modssl_mbedtls.c b/extmod/modssl_mbedtls.c
index 6d78d7d1b..8974ff65d 100644
--- a/extmod/modssl_mbedtls.c
+++ b/extmod/modssl_mbedtls.c
@@ -514,6 +514,10 @@ STATIC mp_uint_t socket_ioctl(mp_obj_t o_in, mp_uint_t request, uintptr_t arg, i
}
}
}
+ } else {
+ // Unsupported ioctl.
+ *errcode = MP_EINVAL;
+ return MP_STREAM_ERROR;
}
// Pass all requests down to the underlying socket
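Review bot: The context comment right after the new branch, `// Pass all requests down to the underlying socket`, is stale once the added `else` returns `MP_EINVAL`. Only the requests handled by the earlier branches (CLOSE and POLL, going by the commit message) can still reach the pass-through. I would reword it to something like `// Pass CLOSE and POLL requests down to the underlying socket`, so a later reader does not assume requests such as MP_STREAM_GET_FILENO are forwarded. socket_ioctl starts and ends outside the hunk, so the branch structure above the `else` is inferred from the visible closing braces.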
diff --git a/tests/extmod/ssl_ioctl.py b/tests/extmod/ssl_ioctl.py
new file mode 100644
index 000000000..4db7c2df8
--- /dev/null
+++ b/tests/extmod/ssl_ioctl.py
@@ -0,0 +1,31 @@
+# Test SSL ioctl method.
+# Direct access to this method is only available if MICROPY_UNIX_COVERAGE is enabled.
+
+try:
+ import io, ssl
+
+ io.BytesIO
+except (ImportError, AttributeError):
+ print("SKIP")
+ raise SystemExit
+
+_MP_STREAM_POLL = 3
+_MP_STREAM_CLOSE = 4
+_MP_STREAM_GET_FILENO = 10
+
+s = ssl.wrap_socket(io.BytesIO(), server_side=1, do_handshake=0)
+
+if not hasattr(s, "ioctl"):
+ print("SKIP")
+ raise SystemExit
+
+# These ioctl's should be unsupported.
+for request in (-1, 0, _MP_STREAM_GET_FILENO):
+ try:
+ s.ioctl(request, 0)
+ except OSError:
+ print(request, "OSError")
+
+# These ioctl's should be supported.
+for request in (_MP_STREAM_CLOSE, _MP_STREAM_POLL, _MP_STREAM_CLOSE):
+ print(request, s.ioctl(request, 0))
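Review bot: The unsupported-ioctl loop accepts any `OSError`, so it does not show that the rejection comes from the SSL stream itself with the error code the C change sets. If the wrapped `io.BytesIO` also rejects unknown requests (not visible on this page), the loop would print the same three lines even without the new `else` branch. Printing the code, `except OSError as er:` followed by `print(request, er.errno)`, would pin the value, with the .exp file updated to match. A stricter variant would wrap a small stream object whose `ioctl` records the requests it receives, so the expected output shows that -1, 0 and `_MP_STREAM_GET_FILENO` never reach the underlying stream.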
diff --git a/tests/extmod/ssl_ioctl.py.exp b/tests/extmod/ssl_ioctl.py.exp
new file mode 100644
index 000000000..72de7ed06
--- /dev/null
+++ b/tests/extmod/ssl_ioctl.py.exp
@@ -0,0 +1,6 @@
+-1 OSError
+0 OSError
+10 OSError
+4 0
+3 32
+4 32