Skip to content

asyncio: potential leak of TLS connections #106684

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
romuald opened this issue Jul 12, 2023 · 0 comments
Closed

asyncio: potential leak of TLS connections #106684

romuald opened this issue Jul 12, 2023 · 0 comments
Labels
3.11 only security fixes 3.12 only security fixes 3.13 bugs and security fixes performance Performance or resource usage topic-asyncio type-bug An unexpected behavior, bug, or error

Comments

@romuald
Copy link
Contributor

romuald commented Jul 12, 2023
edited by bedevere-bot
Loading

Bug report

Synopsis

Forgetting to close TLS connections manually with asyncio.open_connection() will lead to a leak of TCP connection when the writer/reader get out of scope

Note: the reference is properly released when the remote side closes the connection

This seems to be counter intuitive relative to other python APIs where the connection is closed when the handle goes out of scope

Details

  • open a TLS connection with asyncio.open_connection(..., ssl=True)
  • do some read/writes
  • exit function, so handlers get out of scope (and possibly gc collected). This may be due to an exception for example
  • do not call writer.close()
  • the connection is now "unreachable" from a user point of view
  • however the TCP connection is kept alive

When trying to debug this issue I found out that a _SSLProtocolTransport instance is kept in memory, probably linked to the eventloop

Example script

import os
import asyncio
import gc
import signal

HOST = "google.fr"  # will keep the connection alive for a few minutes at least


async def query():
    reader, writer = await asyncio.open_connection(HOST, 443, ssl=True)

    # No connection: close, remote side will keep the connection open
    writer.write(f"GET / HTTP/1.1\r\nHost: {HOST}\r\n\r\n".encode())
    await writer.drain()

    # only read the first header line
    try:
        return (await reader.readline()).decode()
    finally:
        # closing the writer will properly finalize the connection
        # writer.close()
        pass

    # reader and writer are now unreachable


async def amain():
    await query()

    # The _SSLProtocolTransport object is kept in memory and the
    # connection won't be released until the remote side closes the connection
    for _ in range(200):
        # Just be sure everything is freed, just in case
        gc.collect()

        await asyncio.sleep(1)


def main():
    print(f"PID {os.getpid()}")
    task = asyncio.ensure_future(amain())

    loop = asyncio.get_event_loop()
    loop.add_signal_handler(signal.SIGTERM, task.cancel)
    loop.add_signal_handler(signal.SIGINT, task.cancel)
    loop.run_until_complete(task)


if __name__ == "__main__":
    main()

Your environment

  • CPython versions tested on:
    • 3.11.4
    • 3.10.11
  • Operating system and architecture: Debian Linux 5.19 x86_64

Linked PRs
@romuald romuald added the type-bug An unexpected behavior, bug, or error label Jul 12, 2023
@github-project-automation github-project-automation bot moved this to Todo in asyncio Jul 12, 2023
@bedevere-bot bedevere-bot mentioned this issue Aug 5, 2023
Merged
@kumaraditya303 kumaraditya303 added performance Performance or resource usage 3.11 only security fixes 3.12 only security fixes 3.13 bugs and security fixes labels Aug 5, 2023
kumaraditya303 added a commit that referenced this issue Aug 5, 2023
@kumaraditya303
GH-106684: raise ResourceWarning when asyncio.StreamWriter is not…
41178e4 
… closed (#107650)
This was referenced Aug 5, 2023
Merged
Closed
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Aug 5, 2023
@kumaraditya303 @miss-islington
pythonGH-106684: raise ResourceWarning when asyncio.StreamWriter
0004686 
…is not closed (pythonGH-107650)

(cherry picked from commit 41178e4)

Co-authored-by: Kumar Aditya <[email protected]>
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Aug 5, 2023
@kumaraditya303 @miss-islington
pythonGH-106684: raise ResourceWarning when asyncio.StreamWriter
385390a 
…is not closed (pythonGH-107650)

(cherry picked from commit 41178e4)

Co-authored-by: Kumar Aditya <[email protected]>
evildmp pushed a commit to evildmp/cpython that referenced this issue Aug 5, 2023
@kumaraditya303 @evildmp
pythonGH-106684: raise ResourceWarning when asyncio.StreamWriter
d999392 
…is not closed (python#107650)
Yhg1s pushed a commit that referenced this issue Aug 10, 2023
@miss-islington @kumaraditya303
[3.12] GH-106684: Close asyncio.StreamWriter when `asyncio.StreamWr…
7853c76 
…iter` is not closed by application (GH-107650) (#107656)

GH-106684: raise `ResourceWarning` when `asyncio.StreamWriter` is not closed (GH-107650)
(cherry picked from commit 41178e4)

Co-authored-by: Kumar Aditya <[email protected]>
Co-authored-by: Kumar Aditya <[email protected]>
@miss-islington miss-islington mentioned this issue Aug 10, 2023
Merged
miss-islington added a commit to miss-islington/cpython that referenced this issue Aug 10, 2023
@miss-islington @kumaraditya303
[3.12] pythonGH-106684: Close asyncio.StreamWriter when `asyncio.St…
91ce3ac 
…reamWriter` is not closed by application (pythonGH-107650) (pythonGH-107656)

pythonGH-106684: raise `ResourceWarning` when `asyncio.StreamWriter` is not closed (pythonGH-107650)
(cherry picked from commit 41178e4)

(cherry picked from commit 7853c76)

Co-authored-by: Miss Islington (bot) <[email protected]>
Co-authored-by: Kumar Aditya <[email protected]>
Co-authored-by: Kumar Aditya <[email protected]>
kumaraditya303 added a commit that referenced this issue Aug 10, 2023
@miss-islington @kumaraditya303
[3.11] [3.12] GH-106684: Close asyncio.StreamWriter when `asyncio.S…
fb08b79 
…treamWriter` is not closed by application (GH-107650) (GH-107656) (#107836)

[3.12] GH-106684:  Close `asyncio.StreamWriter` when `asyncio.StreamWriter` is not closed by application (GH-107650) (GH-107656)

GH-106684: raise `ResourceWarning` when `asyncio.StreamWriter` is not closed (GH-107650)
(cherry picked from commit 41178e4)

(cherry picked from commit 7853c76)

Co-authored-by: Kumar Aditya <[email protected]>
@github-project-automation github-project-automation bot moved this from Todo to Done in asyncio Aug 10, 2023
@vEpiphyte vEpiphyte mentioned this issue Aug 26, 2023
Closed
@Rongronggg9 Rongronggg9 mentioned this issue Sep 6, 2023
Closed
@selevit selevit mentioned this issue Nov 19, 2023
Closed
@dpr-0 dpr-0 mentioned this issue Nov 20, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3.11 only security fixes 3.12 only security fixes 3.13 bugs and security fixes performance Performance or resource usage topic-asyncio type-bug An unexpected behavior, bug, or error
Projects
asyncio
Status: Done
Milestone
No milestone
Development

No branches or pull requests
3 participants
@romuald @sobolevn @kumaraditya303