[Twisted-Python] is twisted compatible with pickle?

Christopher Armstrong radix at twistedmatrix.com
Thu Mar 28 21:26:30 MDT 2013


>
> On Thu, Mar 28, 2013 at 6:24 PM, succer110 at tiscali.it <
> succer110 at tiscali.it> wrote:
>
>> I have made 2 applications:
>> The client extracts data from a SQL server (10k lines), and sends every
>> line pickled to a "collector" server via socket.
>> The server uses Twisted and receives every line, unpickles it and stores the
>> data in another SQL server.
>>
>> Every time I start sending data from client to server, in the first 200
>> lines (every time a different line) **the server** throws an exception:
>> SOMETIMES it is something like:
>>
>>     Traceback (most recent call last):
>>       File "collector2.py", line 81, in dataReceived
>>         self.count,account = pickle.loads(data)
>>       File "/usr/lib/python2.6/pickle.py", line 1374, in loads
>>         return Unpickler(file).load()
>>       File "/usr/lib/python2.6/pickle.py", line 858, in load
>>         dispatch[key](self)
>>       File "/usr/lib/python2.6/pickle.py", line 1138, in load_pop
>>         del self.stack[-1]
>>     IndexError: list assignment index out of range
>>
>>

>> And my server:
>>
>>     def dataReceived(self, data):
>>         try:
>>             self.count,account = pickle.loads(data)
>>         except Exception as e:
>>             print "Eccezione:", e
>>             print self.count+1
>>             print data
>>             print traceback.print_exc()
>>
>>
>>

On Thu, Mar 28, 2013 at 10:07 PM, David Reid <dreid at dreid.org> wrote:

> dataReceived gets called with any data that is available on the socket.
>  That might not be all data you sent on the other side.  To ensure complete
> "messages" are delivered your application has to specify some framing, such
> as Netstrings.
>
> See:
> http://twistedmatrix.com/documents/current/api/twisted.protocols.basic.NetstringReceiver.html and
> the original specification of netstrings
> http://cr.yp.to/proto/netstrings.txt
>
> That being said, it's a very bad idea to send pickles over the network
> because unpickling can result in arbitrary code execution.
>
> Peruse some of the results of
> https://www.google.com/search?q=pickle+execute+arbitrary+code for
> examples of these dangers.
>
> -David
>
>
We also have a FAQ entry about this:

http://twistedmatrix.com/trac/wiki/FrequentlyAskedQuestions#Whyisprotocol.dataReceivedcalledwithonlypartofthedataIcalledtransport.writewith



-- 
Christopher Armstrong
http://radix.twistedmatrix.com/
http://planet-if.com/
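
The framing described in the reply above, paired with a data-only serialization in place of pickle, as an added example that is not part of the original thread or of Twisted: a standard-library Python 3 netstring reassembler fed arbitrary chunks the way dataReceived is. The use of JSON, the 64 KiB length cap, and every name below are assumptions of this example.

```python
import json


class NetstringFramer:
    """Incrementally reassembles `<len>:<payload>,` frames from arbitrary chunks."""

    def __init__(self, max_length=65536):  # assumed cap on a single frame
        self._buf, self._max = b"", max_length

    def feed(self, chunk):
        """Add one dataReceived-style chunk; return every payload now complete."""
        self._buf += chunk
        frames = []
        while True:
            head, sep, rest = self._buf.partition(b":")
            if not sep:
                # Length prefix still incomplete: only a few digits may be pending.
                if head and (not head.isdigit() or len(head) > len(str(self._max))):
                    raise ValueError("malformed netstring length")
                return frames
            if not head.isdigit() or (len(head) > 1 and head[:1] == b"0"):
                raise ValueError("malformed netstring length")
            length = int(head)
            if length > self._max:
                raise ValueError("netstring too long")  # refuse before buffering it
            if len(rest) < length + 1:
                return frames  # payload or trailing comma has not arrived yet
            if rest[length:length + 1] != b",":
                raise ValueError("missing netstring terminator")
            frames.append(rest[:length])
            self._buf = rest[length + 1:]

def encode_record(count, account):
    """Client side: JSON (assumed replacement for pickle) wrapped as one netstring."""
    payload = json.dumps([count, account]).encode("utf-8")
    return str(len(payload)).encode("ascii") + b":" + payload + b","

def decode_record(payload):
    """Server side: parse as plain data and check the expected [count, account] shape."""
    record = json.loads(payload.decode("utf-8"))
    if not (isinstance(record, list) and len(record) == 2 and isinstance(record[0], int)):
        raise ValueError("unexpected record shape")
    return record[0], record[1]

def replay(stream, chunk_size):
    """Deliver `stream` in fixed-size pieces, as a socket might, and decode each frame."""
    framer, out = NetstringFramer(), []
    for i in range(0, len(stream), chunk_size):
        out.extend(decode_record(p) for p in framer.feed(stream[i:i + chunk_size]))
    return out
```

Whatever the chunk size, `replay` returns the same records, which is the property the unframed `pickle.loads(data)` call in the question lacks.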