You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
cPython's ssl.py has merged a fix for CVE-2023-40217 several months ago. When a client closes the connection before SSL handshake is finished, and there's still data in the buffer, the server would raise an SSLError whose errno is ENOTCONN to prevent any potential malicious action from the client.
However, this can happend on some normal curcumstances (for example, client disconnects on connection timeout). When it happens, sock.accept() would raise an error that is not handled by wsgi server, thus cause the server to exit.
try:
serv.log.info('({}) wsgi starting up on {}'.format(serv.pid, socket_repr(sock)))
whileis_accepting:
try:
client_socket, client_addr=sock.accept() # 1. an SSLError(errno.ENOTCONN) will be raisedclient_socket.settimeout(serv.socket_timeout)
serv.log.debug('({}) accepted {!r}'.format(serv.pid, client_addr))
connections[client_addr] =connection= [client_addr, client_socket, STATE_IDLE]
(pool.spawn(serv.process_request, connection)
.link(_clean_connection, connection))
exceptACCEPT_EXCEPTIONSase:
ifsupport.get_errno(e) notinACCEPT_ERRNO: # 2. the errno is not handled hereraiseelse:
breakfinally:
forcsinconnections.values():
prev_state=cs[2]
cs[2] =STATE_CLOSEifprev_state==STATE_IDLE:
greenio.shutdown_safe(cs[1])
pool.waitall()
serv.log.info('({}) wsgi exited, is_accepting={}'.format(serv.pid, is_accepting)) # 3. wsgi server is exited
The text was updated successfully, but these errors were encountered:
cPython's ssl.py has merged a fix for CVE-2023-40217 several months ago. When a client closes the connection before SSL handshake is finished, and there's still data in the buffer, the server would raise an SSLError whose errno is ENOTCONN to prevent any potential malicious action from the client.
However, this can happend on some normal curcumstances (for example, client disconnects on connection timeout). When it happens, sock.accept() would raise an error that is not handled by wsgi server, thus cause the server to exit.
The text was updated successfully, but these errors were encountered: