sctp_send_msg: msg_len parameter overflows and overwrites fd on python 3.13.5 #54
Description
Hello.
I created the following minimal test script:
import sctp
import socket
sk = socket.socket(socket.AF_INET, socket.SOCK_SEQPACKET, socket.IPPROTO_SCTP)
sock = sctp.sctpsocket_udp(socket.AF_INET, sk=sk)
sock.sctp_send(b"Hello world!", to=("127.0.0.1", 11002))
Running it with python 3.10.12 works as expected.
Running it with python 3.13.5 produces the following error:
$ python3 script.py
Traceback (most recent call last):
File "/home/ah/.DATA/CODE/wips/psctp-reconnect/script.py", line 6, in <module>
sock.sctp_send(b"1234", to=("127.0.0.1", 11002))
~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ah/.DATA/CODE/wips/psctp-reconnect/venv/lib/python3.13/site-packages/sctp.py", line 1178, in sctp_send
return _sctp.sctp_send_msg(self._sk.fileno(), msg, to, ppid, flags, stream, timetolive, context)
~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
OSError: [Errno 88] Socket operation on non-socket
Changing the type of the msg_len parameter seems to fix this issue:
static PyObject* sctp_send_msg(PyObject* dummy, PyObject* args)
{
- int fd, msg_len, size_sent, ppid, flags, stream, ttl, context;
+ Py_ssize_t msg_len;
+ int fd, size_sent, ppid, flags, stream, ttl, context;
const char *msg;