Skip to content

Handle socket errors when sending HTTP-over-HTTPS error responses #802

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
julianz- wants to merge 1 commit into
base: main
Choose a base branch
from
+27 −7
Open

Handle socket errors when sending HTTP-over-HTTPS error responses #802

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions cheroot/connections.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -327,6 +327,8 @@ def _from_server_socket(self, server_socket): # noqa: C901 # FIXME
wfile = mf(s, 'wb', io.DEFAULT_BUFFER_SIZE)
try:
wfile.write(''.join(buf).encode('ISO-8859-1'))
wfile.flush()
wfile.close()
Comment on lines +330 to +331
Copy link
Member

@webknjaz webknjaz Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

plz avoid having more than one instruction in try-blocks.

Copy link
Member

@webknjaz webknjaz Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, this should probably be a with-block anyway.

except OSError as ex:
if ex.args[0] not in errors.socket_errors_to_ignore:
raise
Expand Down
20 changes: 20 additions & 0 deletions cheroot/makefile.py
View file
Open in desktop
Copy link
Member

@webknjaz webknjaz Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't like that we mess with private attributes (although, the existing code already accesses it). In particular, it's weird how TLS quirks leak into makefile. I'd wait for other bits of refactoring, especially the removal of makefile in favor of classmethods before doing anything about this.

Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,26 @@ def write(self, val, *args, **kwargs):
self.bytes_written += len(val)
return res

def _flush_unlocked(self):
"""
Flush buffered output to the underlying socket.

We override this method because when a client sends plaintext HTTP
to a TLS-only port, SSL detects a bad handshake and may
invalidate the underlying socket. At that point, the socket
may not be writable. Attempting to write (e.g., sending a
400 Bad Request) may succeed or raise OSError. This override
prevents OSError from propagating.
Comment on lines +75 to +80
Copy link
Member

@webknjaz webknjaz Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This part looks like a code comment, not a docstring.

"""
try:
super()._flush_unlocked()
except OSError:
# The socket is already closed or otherwise unusable (e.g. TLS
# fatal alert triggered by invalid handshake).
# Clearing the buffer prevents the error from happening
# again during cleanup.
self._write_buf.clear()
Copy link
Member

@webknjaz webknjaz Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if we should be suppressing problems on the low level like this. It's likely the caller that should perform the suppression since the stream writer does not know the context it's used in (nor should it).



def MakeFile(sock, mode='r', bufsize=io.DEFAULT_BUFFER_SIZE):
"""File object attached to a socket object."""
Expand Down
1 change: 1 addition & 0 deletions cheroot/server.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1370,6 +1370,7 @@ def _handle_no_ssl(self, req):
'this server only speaks HTTPS on this port.'
)
req.simple_response('400 Bad Request', msg)
self.wfile.flush()
self.linger = True

def _conditional_error(self, req, response):
Expand Down
7 changes: 0 additions & 7 deletions cheroot/test/test_ssl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -713,7 +713,6 @@ def test_https_over_http_error(http_server, ip_addr):
pytest.param(ANY_INTERFACE_IPV6, marks=missing_ipv6),
),
)
@pytest.mark.flaky(reruns=3, reruns_delay=2)
# pylint: disable-next=too-many-positional-arguments
def test_http_over_https_error(
http_request_timeout,
Expand All @@ -726,12 +725,6 @@ def test_http_over_https_error(
tls_certificate_private_key_pem_path,
):
"""Ensure that connecting over HTTP to HTTPS port is handled."""
# disable some flaky tests
# https://github.com/cherrypy/cheroot/issues/225
issue_225 = IS_MACOS and adapter_type == 'builtin'
if issue_225:
pytest.xfail('Test fails in Travis-CI')

if IS_LINUX:
expected_error_code, expected_error_text = (
104,
Expand Down
3 changes: 3 additions & 0 deletions docs/changelog-fragments.d/802.bugfix.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Fixed socket errors when clients send HTTP to HTTPS-only ports.

-- by :user:`julianz-`
1 change: 1 addition & 0 deletions docs/spelling_wordlist.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ netloc
noqa
PIL
pipelining
plaintext
Copy link
Member

@webknjaz webknjaz Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We might not need this if we don't put that comment into a docstring but have it as a comment.

positionally
pre
preconfigure
Expand Down
Loading