Author giampaolo.rodola
Date 2007-03-21.09:15:49
Content
DoS asyncore vulnerability

asyncore, regardless of whether it is used with select() or poll(), suffers from a DoS-type vulnerability when a high number of simultaneous connections to handle is reached.
The maximum number of connections is system-dependent, as is the type of error raised.
I attached two simple proof-of-concept scripts demonstrating this bug.
If you want to try the behaviours listed below, run the attached "asyncore_server.py" and "asyncore_client.py" scripts on your local workstation.

On my Windows XP system (Python 2.5), regardless of whether asyncore has been used to develop a server or a client, the error is raised by select() inside asyncore's "poll" function when 512 (socket_map's elements) simultaneous connections are reached.
Here's the traceback I get:

[...]
connections: 510
connections: 511
connections: 512
Traceback (most recent call last):
  File "C:\scripts\asyncore_server.py", line 38, in <module>
    asyncore.loop()
  File "C:\Python25\lib\asyncore.py", line 191, in loop
    poll_fun(timeout, map)
  File "C:\Python25\lib\asyncore.py", line 121, in poll
    r, w, e = select.select(r, w, e, timeout)
ValueError: too many file descriptors in select()


On my Linux Ubuntu 6.10 system (kernel 2.6.17-10, Python 2.5), different types of errors are raised depending on the application (client or server).
In an asyncore-based client, the error is raised by the socket module (dispatcher's "self.socket" attribute) inside the 'connect' method of the 'dispatcher' class:

[...]
connections: 1018
connections: 1019
connections: 1020
connections: 1021
Traceback (most recent call last):
  File "asyncore_client.py", line 31, in <module>
  File "asyncore.py", line 191, in loop
  File "asyncore.py", line 138, in poll
  File "asyncore.py", line 80, in write
  File "asyncore.py", line 76, in write
  File "asyncore.py", line 395, in handle_write_event
  File "asyncore_client.py", line 24, in handle_connect
  File "asyncore_client.py", line 9, in __init__
  File "asyncore.py", line 257, in create_socket
  File "socket.py", line 156, in __init__
socket.error: (24, 'Too many open files')


On an asyncore-based server, the error is raised by the socket module (dispatcher's "self.socket" attribute) inside the 'accept' method of the 'dispatcher' class:

[...]
connections: 1019
connections: 1020
connections: 1021
Traceback (most recent call last):
  File "asyncore_server.py", line 38, in <module>
  File "asyncore.py", line 191, in loop
  File "asyncore.py", line 132, in poll
  File "asyncore.py", line 72, in read
  File "asyncore.py", line 68, in read
  File "asyncore.py", line 384, in handle_read_event
  File "asyncore_server.py", line 16, in handle_accept
  File "asyncore.py", line 321, in accept
  File "socket.py", line 170, in accept
socket.error: (24, 'Too many open files')
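
One way a server loop can avoid the crashes shown in the tracebacks above, added here as an illustration and not part of the original report or of asyncore itself: cap the number of tracked connections below the select()/descriptor limit, and treat "Too many open files" from accept() as recoverable. The names connection_cap, guarded_accept and SELECT_LIMIT are hypothetical.

```python
import errno

try:
    import resource  # Unix only; absent on Windows
except ImportError:
    resource = None

# Assumption: size of the select() descriptor set. The report hit 512 on
# Windows XP; adjust for the target platform.
SELECT_LIMIT = 512


def connection_cap(select_limit=SELECT_LIMIT, reserve=32):
    """Highest number of client sockets to keep open at once."""
    limits = [select_limit]
    if resource is not None:
        soft, _hard = resource.getrlimit(resource.RLIMIT_NOFILE)
        if soft != resource.RLIM_INFINITY:
            limits.append(soft)
    # Leave room for the listener, log files, stdio and so on.
    return max(1, min(limits) - reserve)


def guarded_accept(listener, active, cap):
    """Accept one pending connection without letting the event loop die.

    Returns the new socket, or None when the connection was shed or the
    process has run out of descriptors.
    """
    try:
        conn, _addr = listener.accept()
    except OSError as exc:
        if exc.errno in (errno.EMFILE, errno.ENFILE):
            return None  # out of descriptors: skip this round, keep serving
        raise
    if len(active) >= cap:
        conn.close()  # over the cap: shed the newcomer, keep existing clients
        return None
    conn.setblocking(False)
    active.add(conn)
    return conn
```

In an asyncore-based server the same check would sit in handle_accept, comparing the size of the socket map against the cap before creating a new dispatcher.
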
History
Date                 User   Action  Args
2007-08-23 14:52:39  admin  link    issue1685000 messages
2007-08-23 14:52:39  admin  create