[ovs-dev] [PATCH] python: Check for SSL as well as socet errors

Frode Nordahl frode.nordahl at canonical.com
Tue Mar 16 12:39:57 UTC 2021 

When connected to a OVSDB server with a SSL stream calls to
functions dealing with sockets may raise SSL.SysCallError
Exception in addition to the socket.error Exception.

Fixes: d90ed7d65ba8 ("python: Add SSL support to the python ovs client library")
Reported-At: https://bugs.launchpad.net/bugs/1907686
Signed-off-by: Frode Nordahl <frode.nordahl at canonical.com>
---
 python/ovs/socket_util.py | 27 +++++++++++++++++----------
 python/ovs/stream.py      |  8 ++++----
 2 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/python/ovs/socket_util.py b/python/ovs/socket_util.py
index 3faa64e9d..96d1db7a7 100644
--- a/python/ovs/socket_util.py
+++ b/python/ovs/socket_util.py
@@ -19,6 +19,13 @@ import random
 import socket
 import sys
 
+try:
+    from OpenSSL import SSL
+    SOCKET_EXCEPTIONS = (socket.error, SSL.SysCallError)
+except ImportError:
+    SSL = None
+    SOCKET_EXCEPTIONS = (socket.error,)
+
 import ovs.fatal_signal
 import ovs.poller
 import ovs.vlog
@@ -68,7 +75,7 @@ def make_unix_socket(style, nonblock, bind_path, connect_path, short=False):
 
     try:
         sock = socket.socket(socket.AF_UNIX, style)
-    except socket.error as e:
+    except SOCKET_EXCEPTIONS as e:
         return get_exception_errno(e), None
 
     try:
@@ -92,11 +99,11 @@ def make_unix_socket(style, nonblock, bind_path, connect_path, short=False):
         if connect_path is not None:
             try:
                 sock.connect(connect_path)
-            except socket.error as e:
+            except SOCKET_EXCEPTIONS as e:
                 if get_exception_errno(e) != errno.EINPROGRESS:
                     raise
         return 0, sock
-    except socket.error as e:
+    except SOCKET_EXCEPTIONS as e:
         sock.close()
         if (bind_path is not None and
             os.path.exists(bind_path)):
@@ -184,7 +191,7 @@ def check_connection_completion(sock):
                 # XXX rate-limit
                 vlog.err("poll return POLLERR but send succeeded")
                 return errno.EPROTO
-            except socket.error as e:
+            except SOCKET_EXCEPTIONS as e:
                 return get_exception_errno(e)
         else:
             return 0
@@ -198,9 +205,9 @@ def is_valid_ipv4_address(address):
     except AttributeError:
         try:
             socket.inet_aton(address)
-        except socket.error:
+        except SOCKET_EXCEPTIONS:
             return False
-    except socket.error:
+    except SOCKET_EXCEPTIONS:
         return False
 
     return True
@@ -232,7 +239,7 @@ def inet_open_active(style, target, default_port, dscp):
         else:
             sock = socket.socket(socket.AF_INET6, style, 0)
             family = socket.AF_INET6
-    except socket.error as e:
+    except SOCKET_EXCEPTIONS as e:
         return get_exception_errno(e), None
 
     try:
@@ -240,7 +247,7 @@ def inet_open_active(style, target, default_port, dscp):
         set_dscp(sock, family, dscp)
         try:
             sock.connect(address)
-        except socket.error as e:
+        except SOCKET_EXCEPTIONS as e:
             error = get_exception_errno(e)
             if sys.platform == 'win32' and error == errno.WSAEWOULDBLOCK:
                 # WSAEWOULDBLOCK would be the equivalent on Windows
@@ -249,7 +256,7 @@ def inet_open_active(style, target, default_port, dscp):
             if error != errno.EINPROGRESS:
                 raise
         return 0, sock
-    except socket.error as e:
+    except SOCKET_EXCEPTIONS as e:
         sock.close()
         return get_exception_errno(e), None
 
@@ -314,7 +321,7 @@ def write_fully(fd, buf):
 def set_nonblocking(sock):
     try:
         sock.setblocking(0)
-    except socket.error as e:
+    except SOCKET_EXCEPTIONS as e:
         vlog.err("could not set nonblocking mode on socket: %s"
                  % os.strerror(get_exception_errno(e)))
 
diff --git a/python/ovs/stream.py b/python/ovs/stream.py
index f5a520862..1688068d9 100644
--- a/python/ovs/stream.py
+++ b/python/ovs/stream.py
@@ -333,7 +333,7 @@ class Stream(object):
 
         try:
             return (0, self.socket.recv(n))
-        except socket.error as e:
+        except ovs.socket_util.SOCKET_EXCEPTIONS as e:
             return (ovs.socket_util.get_exception_errno(e), "")
 
     def __recv_windows(self, n):
@@ -411,7 +411,7 @@ class Stream(object):
 
         try:
             return self.socket.send(buf)
-        except socket.error as e:
+        except ovs.socket_util.SOCKET_EXCEPTIONS as e:
             return -ovs.socket_util.get_exception_errno(e)
 
     def __send_windows(self, buf):
@@ -615,7 +615,7 @@ class PassiveStream(object):
 
         try:
             sock.listen(10)
-        except socket.error as e:
+        except ovs.socket_util.SOCKET_EXCEPTIONS as e:
             vlog.err("%s: listen: %s" % (name, os.strerror(e.error)))
             sock.close()
             return e.error, None
@@ -651,7 +651,7 @@ class PassiveStream(object):
                     return 0, Stream(sock, "unix:%s" % addr, 0)
                 return 0, Stream(sock, 'ptcp:%s:%s' % (addr[0],
                                                        str(addr[1])), 0)
-            except socket.error as e:
+            except ovs.socket_util.SOCKET_EXCEPTIONS as e:
                 error = ovs.socket_util.get_exception_errno(e)
                 if sys.platform == 'win32' and error == errno.WSAEWOULDBLOCK:
                     # WSAEWOULDBLOCK would be the equivalent on Windows
-- 
2.30.2

More information about the dev mailing list