KEMBAR78
gh-136234: Fix _SelectorSocketTransport.writelines to be robust to connection loss by bmerry · Pull Request #136743 · python/cpython · GitHub
Skip to content

Conversation

@bmerry
Copy link
Contributor

@bmerry bmerry commented Jul 17, 2025

@python-cla-bot
Copy link

python-cla-bot bot commented Jul 17, 2025

All commit authors signed the Contributor License Agreement.

CLA signed

@bmerry
Copy link
Contributor Author

bmerry commented Jul 17, 2025

I've previously signed the CLA on behalf of my organisation, but my work email address has changed since then (same employer though). Is there a process to reuse that form, or do I need to sign a new one? Alternatively, I can rewrite my commits to use that old email address (it still works, just deprecated).

@kumaraditya303
Copy link
Contributor

do I need to sign a new one?

You need to sign again with the new email.

@bmerry
Copy link
Contributor Author

bmerry commented Jul 21, 2025

do I need to sign a new one?

You need to sign again with the new email.

Ok, will do. Might take a few days to run it past my employer.

@kumaraditya303 kumaraditya303 added needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes type-bug An unexpected behavior, bug, or error labels Jul 21, 2025
@bmerry
Copy link
Contributor Author

bmerry commented Jul 28, 2025

@kumaraditya303 thanks for reviewing. The CLA has had to go to our IP people (even though I've previously signed it with a different email address), so there may be a delay. I'm hoping not longer than a week or two.

@kumaraditya303
Copy link
Contributor

Okay, ping me when the CLA is done and I'll merge it, thanks!

@bmerry
Copy link
Contributor Author

bmerry commented Aug 8, 2025

Okay, ping me when the CLA is done and I'll merge it, thanks!

@kumaraditya303 I've filled in the form (had to use the Adobe eSign process since it's on behalf of an organisation). So it's now just waiting for the PSF to process it. I don't know if I get a notification when that's complete, but if I do I'll ping you again.

@bmerry
Copy link
Contributor Author

bmerry commented Aug 25, 2025

@kumaraditya303 any idea how long it's supposed to take for a CLA signed on behalf of an organisation to be processed? I submitted the form more than 2 weeks ago and haven't seen anything about it since.

@kumaraditya303
Copy link
Contributor

any idea how long it's supposed to take for a CLA signed on behalf of an organisation to be processed? I submitted the form more than 2 weeks ago and haven't seen anything about it since.

You need to sign the CLA with the new email as well independent of organization signing.

@bmerry
Copy link
Contributor Author

bmerry commented Aug 26, 2025

any idea how long it's supposed to take for a CLA signed on behalf of an organisation to be processed? I submitted the form more than 2 weeks ago and haven't seen anything about it since.

You need to sign the CLA with the new email as well independent of organization signing.

The form says "If you wish to sign a Contributor Agreement on behalf of an organization or to use a different Initial License, please use the manual form instead" (note the instead). Presumably it must be possible to not do the automatic form since that only caters to one of the possible initial licenses. I'll follow up with the PSF to check what's happening.

@bmerry
Copy link
Contributor Author

bmerry commented Sep 8, 2025

any idea how long it's supposed to take for a CLA signed on behalf of an organisation to be processed? I submitted the form more than 2 weeks ago and haven't seen anything about it since.

You need to sign the CLA with the new email as well independent of organization signing.

The form says "If you wish to sign a Contributor Agreement on behalf of an organization or to use a different Initial License, please use the manual form instead" (note the instead). Presumably it must be possible to not do the automatic form since that only caters to one of the possible initial licenses. I'll follow up with the PSF to check what's happening.

@kumaraditya303 I've had no reply from the PSF, so for expediency I've signed the CLA as an individual so that the CLAbot will be happy. This contribution is made on behalf of my employer, for which I've completed the manual form.

@kumaraditya303 kumaraditya303 merged commit 7d435cf into python:main Sep 8, 2025
51 checks passed
@miss-islington-app
Copy link

Thanks @bmerry for the PR, and @kumaraditya303 for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13, 3.14.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Sep 8, 2025
…t to connection loss (pythonGH-136743)

(cherry picked from commit 7d435cf)

Co-authored-by: Bruce Merry <1963944+bmerry@users.noreply.github.com>
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Sep 8, 2025
…t to connection loss (pythonGH-136743)

(cherry picked from commit 7d435cf)

Co-authored-by: Bruce Merry <1963944+bmerry@users.noreply.github.com>
@bedevere-app
Copy link

bedevere-app bot commented Sep 8, 2025

GH-138673 is a backport of this pull request to the 3.14 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.14 bugs and security fixes label Sep 8, 2025
@bedevere-app
Copy link

bedevere-app bot commented Sep 8, 2025

GH-138674 is a backport of this pull request to the 3.13 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.13 bugs and security fixes label Sep 8, 2025
@bmerry bmerry deleted the fix-gh-136234 branch September 8, 2025 16:14
@bmerry
Copy link
Contributor Author

bmerry commented Sep 8, 2025

Are there any security grounds for a 3.12 backport? If an attacker can figure out how to win this race condition, they could potentially DoS a server that is not expecting an AttributeError. I guess typically that would just crash the asyncio Task that's handling the connection and the server would survive.

kumaraditya303 pushed a commit to miss-islington/cpython that referenced this pull request Sep 9, 2025
…t to connection loss (pythonGH-136743)

(cherry picked from commit 7d435cf)

Co-authored-by: Bruce Merry <1963944+bmerry@users.noreply.github.com>
kumaraditya303 added a commit to kumaraditya303/cpython that referenced this pull request Sep 9, 2025
@bedevere-app
Copy link

bedevere-app bot commented Sep 9, 2025

GH-138702 is a backport of this pull request to the 3.14 branch.

1 similar comment
@bedevere-app
Copy link

bedevere-app bot commented Sep 9, 2025

GH-138702 is a backport of this pull request to the 3.14 branch.

lkollar pushed a commit to lkollar/cpython that referenced this pull request Sep 9, 2025
kumaraditya303 added a commit that referenced this pull request Oct 7, 2025
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Oct 7, 2025
…e robust to connection loss (pythonGH-136743) (pythonGH-138702)

(cherry picked from commit 5cd6cfe)

Co-authored-by: Kumar Aditya <kumaraditya@python.org>
kumaraditya303 added a commit that referenced this pull request Oct 7, 2025
…st to connection loss (GH-136743) (GH-138702) (#139710)

[3.14] gh-136234: Fix `SelectorSocketTransport.writelines` to be robust to connection loss (GH-136743) (GH-138702)
(cherry picked from commit 5cd6cfe)

Co-authored-by: Kumar Aditya <kumaraditya@python.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

topic-asyncio type-bug An unexpected behavior, bug, or error

Projects

None yet

Development

Successfully merging this pull request may close these issues.

_SelectorSocketTransport.writelines does not protect against connection lost

2 participants