From 7ce37c1d451778faee660e21e596d4f3269930cd Mon Sep 17 00:00:00 2001 From: Anthony Young-Garner Date: Tue, 19 Jan 2021 09:54:27 -0600 Subject: [PATCH] Uncaught socket exception during timeout handling --- cheroot/ssl/pyopenssl.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/cheroot/ssl/pyopenssl.py b/cheroot/ssl/pyopenssl.py index 8b01b348de..cb2cbc6e3c 100644 --- a/cheroot/ssl/pyopenssl.py +++ b/cheroot/ssl/pyopenssl.py @@ -99,8 +99,14 @@ def _safe_call(self, is_reader, call, *args, **kwargs): # noqa: C901 except SSL.WantWriteError: time.sleep(self.ssl_retry) except SSL.SysCallError as e: - if is_reader and e.args == (-1, 'Unexpected EOF'): - return b'' + if e.args == (-1, 'Unexpected EOF'): + if is_reader: + return b'' + else: + # See #210. Prevents DOS attack caused by + # silent connections lasting beyond connection + # timeout length. + raise errors.FatalSSLAlert(*e.args) errnum = e.args[0] if is_reader and errnum in errors.socket_errors_to_ignore: