_SelectorSocketTransport.writelines is missing a flow control check allowing writes to fill memory until exhausted #127655
Comments
@bdraco I put all security labels but does it affect 3.9/3.10/3.11? (can't check for now)
It's 3.12+ only since
…otocol if needed (#127656) Ensure `_SelectorSocketTransport.writelines` pauses the protocol if it reaches the high water mark as needed. Co-authored-by: Kumar Aditya <[email protected]>
…the protocol if needed (pythonGH-127656) Ensure `_SelectorSocketTransport.writelines` pauses the protocol if it reaches the high water mark as needed. (cherry picked from commit e991ac8) Co-authored-by: J. Nick Koston <[email protected]> Co-authored-by: Kumar Aditya <[email protected]>
Thanks @bdraco I assume aiohttp would be affected by this too if it uses writelines. If possible do share any performance numbers you have of how much impact the zero copy writes have made to aiohttp.
aio-libs/aiohttp#10126 is the PR from a few hours ago that turned off zero copy writes which was released as part of The codspeed report shows the degraded performance, however it's not so great because we were pushing the CI pretty hard at the time and it wasn't keeping up. This run https://codspeed.io/aio-libs/aiohttp/runs/675241d947498039ef29339c is probably the best one to look at for aiohttp 3.11.x. For The relevant benchmarks that show a real difference are (keep in mind we are benchmarking disabling zero copy writes):
Note that the margin of error is ~1-3% with the benchmarking (but if you have experience and a bit of wetware memory of previous runs, you can look at the flame-graphs and usually tell if it's error or actual change). Based on that, I'd say the above seems accurate and the error rate here is likely <1% between runs. Also, the benchmarks above were run with 3.12. We switched to benchmarking with 3.13 now that the first patch release, 3.13.1, is out a few hours after these runs. https://codspeed.io/aio-libs/aiohttp/runs/67524ceb47498039ef2933c9 is the first run with Python 3.13 for aiohttp 3.11 and shows a few unrelated (to this issue) improvements. More details in aio-libs/aiohttp#10131
… the protocol if needed (GH-127656) (#127663) gh-127655: Ensure `_SelectorSocketTransport.writelines` pauses the protocol if needed (GH-127656) Ensure `_SelectorSocketTransport.writelines` pauses the protocol if it reaches the high water mark as needed. (cherry picked from commit e991ac8) Co-authored-by: J. Nick Koston <[email protected]> Co-authored-by: Kumar Aditya <[email protected]>
… the protocol if needed (GH-127656) (#127664) gh-127655: Ensure `_SelectorSocketTransport.writelines` pauses the protocol if needed (GH-127656) Ensure `_SelectorSocketTransport.writelines` pauses the protocol if it reaches the high water mark as needed. (cherry picked from commit e991ac8) Co-authored-by: J. Nick Koston <[email protected]> Co-authored-by: Kumar Aditya <[email protected]>
Closing issue as linked PRs are merged
…ses the protocol if needed Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed. Resolved upstream: python#127655 Co-authored-by: J. Nick Koston <[email protected]> Co-authored-by: Kumar Aditya <[email protected]>
Add patch to fix CVE-2024-12254: "Unbounded memory buffering in SelectorSocketTransport.writelines()". - https://mail.python.org/archives/list/[email protected]/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/ - python/cpython#127655 - python/cpython#127656
[ commit 717301b5302681e860de49ca12981cec9166e057 ] Add patch to fix CVE-2024-12254: "Unbounded memory buffering in SelectorSocketTransport.writelines()". - https://mail.python.org/archives/list/[email protected]/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/ - python/cpython#127655 - python/cpython#127656
…ses the protocol if needed Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed. Resolved upstream: python#127655 Co-authored-by: Kumar Aditya <[email protected]>
…the protocol if needed (python#127656) Ensure `_SelectorSocketTransport.writelines` pauses the protocol if it reaches the high water mark as needed. Co-authored-by: Kumar Aditya <[email protected]>
Bug report
Bug description:
This is the public issue for GHSA-fw89-6wjj-8j95
CPython versions tested on: 3.12
Operating systems tested on: Linux, macOS
Linked PRs
gh-127655: Ensure `_SelectorSocketTransport.writelines` pauses the protocol if needed #127656
gh-127655: Ensure `_SelectorSocketTransport.writelines` pauses the protocol if needed (GH-127656) #127663
gh-127655: Ensure `_SelectorSocketTransport.writelines` pauses the protocol if needed (GH-127656) #127664
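The defect this issue describes is that `_SelectorSocketTransport.writelines()` appended data to the transport's user-space buffer without calling the protocol's `pause_writing()` when the buffer crossed the high-water mark, so a writer that never awaited `drain()` (or never got a pause signal) could buffer without bound. The probe below is an added example, not code from CPython or from this issue: it opens a socket pair whose reading side never reads, lowers the high-water mark, pushes data through either `write()` or `writelines()` on a `SelectorEventLoop`, and reports whether the transport paused the protocol. The class and function names (`FlowControlProbe`, `write_pauses_protocol`, `writelines_pauses_protocol`) and the buffer sizes are my own choices; the asyncio APIs used (`set_write_buffer_limits`, `pause_writing`, `create_connection(sock=...)`) are standard.

```python
import asyncio
import socket
import sys


class FlowControlProbe(asyncio.Protocol):
    """Hypothetical protocol that only records flow-control callbacks."""

    def __init__(self):
        self.paused = False
        self.resumed = False
        self.transport = None

    def connection_made(self, transport):
        self.transport = transport

    def pause_writing(self):
        # Called synchronously by the transport when its user-space
        # buffer exceeds the high-water mark; this is the signal an
        # application relies on to stop producing data.
        self.paused = True

    def resume_writing(self):
        self.resumed = True

    def connection_lost(self, exc):
        pass


async def _probe(use_writelines, chunk=b"x" * 65536, count=256):
    """Push count*len(chunk) bytes into a never-drained socket and report
    whether the transport paused the protocol. Sizes are constructed so the
    kernel socket buffer fills and the transport must buffer in user space."""
    loop = asyncio.get_running_loop()
    left, right = socket.socketpair()
    try:
        transport, proto = await loop.create_connection(FlowControlProbe, sock=left)
        # Tiny high-water mark so any meaningful backlog should trigger a pause.
        transport.set_write_buffer_limits(high=1024, low=0)
        payload = [chunk] * count
        if use_writelines:
            transport.writelines(payload)
        else:
            for piece in payload:
                transport.write(piece)
        # Give the loop one turn; the pause callback is synchronous, but this
        # also lets any scheduled write-ready handler run.
        await asyncio.sleep(0)
        paused = proto.paused
        transport.abort()          # discard the backlog instead of draining it
        await asyncio.sleep(0)     # let connection_lost run before sockets close
        return paused
    finally:
        left.close()
        right.close()


def _run(coro):
    # Use the selector loop explicitly: the issue is specific to
    # _SelectorSocketTransport, not the Windows proactor transport.
    loop = asyncio.SelectorEventLoop()
    try:
        return loop.run_until_complete(coro)
    finally:
        loop.close()


def write_pauses_protocol():
    """write() has always honoured the high-water mark; expected True."""
    return _run(_probe(use_writelines=False))


def writelines_pauses_protocol():
    """True on interpreters that carry the gh-127655 fix (or pre-3.12 where
    writelines() delegates to write()); False on an affected 3.12/3.13 build."""
    return _run(_probe(use_writelines=True))


if __name__ == "__main__":
    print("Python", sys.version.split()[0])
    print("write() pauses protocol:     ", write_pauses_protocol())
    print("writelines() pauses protocol:", writelines_pauses_protocol())
```

Run it under each interpreter you deploy: `write()` should always report True, and a False for `writelines()` means that build still buffers without signalling back-pressure, so the application workaround the thread describes for aiohttp (stop using the zero-copy `writelines()` path and fall back to `write()`) or an upgrade to a fixed release is warranted. Because the reading side never consumes data, the probe releases the backlog with `abort()` rather than `drain()`.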