bpo-36161: Use thread-safe function ttyname_r instead of unsafe one ttyname

[chibby0ne]

Signed-off-by: Antonio Gutierrez [email protected]

https://bugs.python.org/issue36161

[chibby0ne]

Hi all, I'm a new contributor and I've made a PR taking into account the discussion seen in the issue page.

For the ttyname_r(), I've used the buffer length of MAXPATHLEN, since I saw it used for several functions inside the same file, like: os.readlink, os.getcw, among others.

For the crypt_r() side, I've added a few unit tests one that raises the error and another that doesn't but could add more if needed.

This is how a raised error would look when passing an invalid salt:

>>> crypt.crypt('password', '__', raise_error=True) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/tmp/cpython/Lib/crypt.py", line 73, in crypt return _crypt.crypt(word, salt, raise_error) OSError: [Errno 22] Invalid argument 

[chibby0ne]

I don't understand the error in the MacOS Builder:

ERROR: test_invalid_salt_raises_error_false (test.test_crypt.CryptTestCase) ---------------------------------------------------------------------- Traceback (most recent call last): File "/Users/vsts/agent/2.154.3/work/1/s/Lib/test/test_crypt.py", line 90, in test_invalid_salt_raises_error_false res = crypt.crypt('password', '__') File "/Users/vsts/agent/2.154.3/work/1/s/Lib/crypt.py", line 73, in crypt return _crypt.crypt(word, salt, raise_error) UnicodeDecodeError: 'utf-8' codec can't decode byte 0xfd in position 3: invalid start byte 

I don't understand since they are both unicode, and password is clearly utf-8 and the second argument are two _ underscore chars. Also the 0xfd byte is 'ý'.

If it were some codec issue wouldn't it fail in other OSes?

Likewise for the other added test.

[mangrisano]

Hi and thank you for this PR and for providing tests.

LGTM.

[chibby0ne]

@mangrisano Thanks for the approval. Unfortunately the CI is failing in MacOS. If you can, would you give me any pointers as to the cause of the issue? I truly don't understand it 😞

[chibby0ne]

Hi @mangrisano, and any others. Just a friendly ping to mention that this is ready to be merged.

[chibby0ne]

Hi all,
I need some help understanding why the MacOS test fails with that unicode error, specially since it passes for every other OS. I don't have access to a MacOS environment and have no way of testing this locally.

[benjaminp]

I don't understand these raise_error changes. Those don't seem related to changing the underlying library call.

[benjaminp]

seems like the right buffer size is actually TTY_NAME_MAX

[chibby0ne]

Correct. This macro wasn't mentioned in the version of the man pages of my local dev machine (i.e: man ttyname) but after googling this constant, it is indeed mentioned in man limits.h which is imported by Python.h in the base code.
Good catch! Thanks for the recommendation!

[benjaminp]

Prefer sizeof(buffer)

[chibby0ne]

Done.

[bedevere-bot]

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

[chibby0ne]

I don't understand these raise_error changes. Those don't seem related to changing the underlying library call.

Well according to the discussion in: https://bugs.python.org/issue36161, due to the fact that we are now returning the error code set by crypt_r (if any), this is a breaking change, so in order to maintain backwards compatible behavior (where regarless of any error it would return None), we add this boolean keyword argument raise_error.
But ofc I'm open to any suggestions 😄

I have made the requested changes; please review again

[bedevere-bot]

Thanks for making the requested changes!

@benjaminp: please review the changes made to this pull request.

[benjaminp]

I don't understand these raise_error changes. Those don't seem related to changing the underlying library call.

Well according to the discussion in: https://bugs.python.org/issue36161, due to the fact that we are now returning the error code set by crypt_r (if any), this is a breaking change, so in order to maintain backwards compatible behavior (where regarless of any error it would return None), we add this boolean keyword argument raise_error.

While I agree it's technically a breaking change, I think not raising errors from a failed cryptographic function is severely buggy behavior. "Errors should never pass silently."

But ofc I'm open to any suggestions smile

I think errors should always be propagated from crypt or you should follow the suggestion of https://bugs.python.org/issue36161#msg351981 and simply drop the crypt changes.

[chibby0ne]

While I agree it's technically a breaking change, I think not raising errors from a failed cryptographic function is severely buggy behavior. "Errors should never pass silently."

Wise aphorism! I agree wholeheartedly.

I think errors should always be propagated from crypt or you should follow the suggestion of https://bugs.python.org/issue36161#msg351981 and simply drop the crypt changes.

Yeah it looks like this will be eventually deprecated and removed. I've decided to simply raise the error in accordingly, since it helps the user but also we are not over engineering future deprecated code.

[chibby0ne]

I have made the requested changes; please review again

[bedevere-bot]

Thanks for making the requested changes!

@benjaminp: please review the changes made to this pull request.

[benjaminp]

okay, but now the tests are failng

[bedevere-bot]

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

[benjaminp]

Huh, maybe it's better to use sysconf(_SC_TTY_NAME_MAX) for portability.

[chibby0ne]

I wasn't sure about this because I saw the values were quite different between the ones used in OpenBSD and the ones used in Linux, but I agree is the more portable solution

[benjaminp]

Can you check that the errno of this error is EINVAL?

I think it would also be good to ensure that at least one method works.

[chibby0ne]

Good thinking! Done! Thanks a lot 👍

[benjaminp]

"Use ttyname_r instead of ttyname and crypt_r instead of crypt for thread safety."

[chibby0ne]

I forgot to update this, because it was autogenerated from the first commit. Thanks a lot for your review 😉

[benjaminp]

There are really two logical changes in this PR: checking the error of crypt and using ttyname_r. It would make sense to split them into separate PRs I think.

[benjaminp]

Nit: no space between the cast and the function call.

[chibby0ne]

Done!

[benjaminp]

This branch now leaks buffer.

[chibby0ne]

Good catch! Thanks ;)

[benjaminp]

Fold these two lines into one:

PyObject *res = PyUnicode_DecodeFSDefault(buffer); 

[chibby0ne]

Done!

[benjaminp]

This is not correct, though, since you're not using crypt_r any more. :P

(I should have seen that last time I looked at the message.)

[chibby0ne]

In that case will only leave this PR for the ttyname_r, and then create another one for just the error checking of crypt, and will change the news message accordingly.

[bedevere-bot]

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

[chibby0ne]

I have made the requested changes; please review again

[bedevere-bot]

Thanks for making the requested changes!

@benjaminp: please review the changes made to this pull request.

[chibby0ne]

@benjaminp What do you think I should name the other PR? AFAIK the PR branch should match the name of the issue. Should I name fix-issue-36161_part2?

[chibby0ne]

Hi @benjaminp, the error check for crypt/crypt_r was moved to: #16599

[benjaminp]

Thank you for the PR.