Fix SSL handshake over-reading in STARTTLS#7417
Merged
youknowone merged 1 commit intoRustPython:mainfrom Mar 13, 2026
Merged
Conversation
Contributor
📝 WalkthroughWalkthroughThis change centralizes timeout error construction across SSL and OpenSSL modules using a shared helper function, and introduces TLS record boundary-aware reading in the SSL handshake path to prevent premature buffer consumption and potential application data loss. Changes
Sequence Diagram(s)sequenceDiagram
participant Socket as TCP Socket
participant Peek as Peek Buffer
participant Parser as TLS Parser
participant Reader as Record Reader
participant PyVM as Python VM
Socket->>Peek: peek(header_size=5)
Peek-->>Parser: raw_bytes[0:5]
Parser->>Parser: parse version + length
Parser-->>Reader: total_record_size
Reader->>Socket: recv(total_record_size)
Socket-->>Reader: complete_record_bytes
Reader->>PyVM: return exact bytes read
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
youknowone
force-pushed
the
ssl-handshake
branch
from
083f2bf to
1fe003d
Compare
During STARTTLS handshake, sock_recv(16KB) could consume application data that arrived alongside handshake records. The consumed data ended up in rustls's internal buffer where select() could not detect it, causing asyncore-based servers to miss readable events and the peer to time out. Use MSG_PEEK to find the TLS record boundary, then recv() only one complete record. Remaining data stays in the kernel TCP buffer, visible to select(). This matches OpenSSL's default no-read-ahead behaviour. Fixes flaky test_poplib (TestPOP3_TLSClass) failures.
youknowone
force-pushed
the
ssl-handshake
branch
from
1fe003d to
2602df0
Compare
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (1)
crates/stdlib/src/openssl.rs (1)
2862-2866: Minor style inconsistency: prefer.to_owned()for consistency.The rest of the file uses
.to_owned()for string literal conversions (e.g., lines 3000, 3051, 3242), while this change uses.to_string(). Both are functionally equivalent, but using.to_owned()would maintain consistency.🔧 Suggested fix for consistency
- return Err(socket::timeout_error_msg( - vm, - "The read operation timed out".to_string(), - ) - .upcast()); + return Err(socket::timeout_error_msg( + vm, + "The read operation timed out".to_owned(), + ) + .upcast());🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@crates/stdlib/src/openssl.rs` around lines 2862 - 2866, Replace the .to_string() call on the literal inside the timeout error return with .to_owned() for consistency with the rest of openssl.rs; specifically update the call in the expression that constructs the socket::timeout_error_msg (the return Err(... upcast()) statement that currently uses "The read operation timed out".to_string()) to use "The read operation timed out".to_owned().
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@crates/stdlib/src/openssl.rs`:
- Around line 2862-2866: Replace the .to_string() call on the literal inside the
timeout error return with .to_owned() for consistency with the rest of
openssl.rs; specifically update the call in the expression that constructs the
socket::timeout_error_msg (the return Err(... upcast()) statement that currently
uses "The read operation timed out".to_string()) to use "The read operation
timed out".to_owned().
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
Run ID: 37b93a80-4151-4eba-8f46-f3bf90dbb5b8
📒 Files selected for processing (5)
crates/stdlib/src/openssl.rscrates/stdlib/src/ssl.rscrates/stdlib/src/ssl/compat.rscrates/vm/src/stdlib/_winapi.rscrates/vm/src/vm/vm_new.rs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
During STARTTLS handshake, sock_recv(16KB) could consume application data that arrived alongside handshake records. The consumed data ended up in rustls's internal buffer where select() could not detect it, causing asyncore-based servers to miss readable events and the peer to time out.
Use MSG_PEEK to find the TLS record boundary, then recv() only one complete record. Remaining data stays in the kernel TCP buffer, visible to select(). This matches OpenSSL's default no-read-ahead behaviour.
Fixes flaky test_poplib (TestPOP3_TLSClass) failures.
Summary by CodeRabbit