SSL error during _conditional_error will crash worker thread

[kasium]

❓ I'm submitting a ...

• 🐞 bug report
• 🐣 feature request
• ❓ question about the decisions made in the repository

🐞 Describe the bug. What is the current behavior?
If a communication fails, cheroot will catch all exceptions and execute self._conditional_error(req, '500 Internal Server Error'). If in this code any other exception beside FatalSSLAlert and NoSSLError is raised, the worker calling communicate will die.

❓ What is the motivation / use case for changing the behavior?
Better exception handling

💡 To Reproduce
no way to reproduce this by purpose

💡 Expected behavior
Thread does not crash

📋 Details

SSLEOFError: EOF occurred in violation of protocol (_ssl.c:2423)
  File "cheroot/server.py", line 1267, in communicate
    req.parse_request()
  File "cheroot/server.py", line 702, in parse_request
    success = self.read_request_line()
  File "cheroot/server.py", line 761, in read_request_line
    self.simple_response(
  File "cheroot/server.py", line 1111, in simple_response
    self.conn.wfile.write(EMPTY.join(buf))
  File "cheroot/makefile.py", line 438, in write
    res = super().write(val, *args, **kwargs)
  File "cheroot/makefile.py", line 36, in write
    self._flush_unlocked()
  File "cheroot/makefile.py", line 45, in _flush_unlocked
    n = self.raw.write(bytes(self._write_buf))
  File "socket.py", line 724, in write
    return self._sock.send(b)
  File "ssl.py", line 1210, in send
    return self._sslobj.write(data)
SSLEOFError: EOF occurred in violation of protocol (_ssl.c:2423)
  File "cheroot/workers/threadpool.py", line 125, in run
    keep_conn_open = conn.communicate()
  File "cheroot/server.py", line 1296, in communicate
    self._conditional_error(req, '500 Internal Server Error')
  File "cheroot/server.py", line 1339, in _conditional_error
    req.simple_response(response)
  File "cheroot/server.py", line 1111, in simple_response
    self.conn.wfile.write(EMPTY.join(buf))
  File "cheroot/makefile.py", line 438, in write
    res = super().write(val, *args, **kwargs)
  File "cheroot/makefile.py", line 36, in write
    self._flush_unlocked()
  File "cheroot/makefile.py", line 45, in _flush_unlocked
    n = self.raw.write(bytes(self._write_buf))
  File "socket.py", line 724, in write
    return self._sock.send(b)
  File "ssl.py", line 1210, in send
    return self._sslobj.write(data)

📋 Environment

• Cheroot version: 8.4.1
• Python version: 3.11.0
• OS: Linux
• Browser: all

[webknjaz]

Perhaps, we need to stick a conversion like https://github.com/cherrypy/cheroot/pull/518/files#diff-32c3bac8a98e3af340546845790f8668df0cf58e07210c9e85019ea557ed4d56R273-R279 somewhere?

[jdavis74]

I am seeing this error when our Cheroot based server undergoes a Nessus scan. Attached are the exceptions encountered during the scan and a patch (taken against Cheroot 9.0.0) that at least prevents it from locking up. I am in no way suggesting that my patch is a proper fix!

cheroot-exc.txt

cheroot-nessuscrash.patch