extmod/modssl_mbedtls: Reject ioctls that are not supported.

An SSL stream can only handle CLOSE and POLL ioctls.  Other ones do not
make sense, or at least it doesn't make sense to pass the ioctl request
directly down to the underlying stream.

In particular MP_STREAM_GET_FILENO should not be passed to the underlying
stream because the SSL stream is not directly related to a file descriptor,
and the SSL stream must handle the polling itself.

Signed-off-by: Damien George <damien@micropython.org>

extmod/modssl_mbedtls.c

@@ -514,6 +514,10 @@ STATIC mp_uint_t socket_ioctl(mp_obj_t o_in, mp_uint_t request, uintptr_t arg, i
                 }
             }
         }
+    } else {
+        // Unsupported ioctl.
+        *errcode = MP_EINVAL;
+        return MP_STREAM_ERROR;
     }
 
     // Pass all requests down to the underlying socket

tests/extmod/ssl_ioctl.py

@@ -0,0 +1,31 @@
+# Test SSL ioctl method.
+# Direct access to this method is only available if MICROPY_UNIX_COVERAGE is enabled.
+
+try:
+    import io, ssl
+
+    io.BytesIO
+except (ImportError, AttributeError):
+    print("SKIP")
+    raise SystemExit
+
+_MP_STREAM_POLL = 3
+_MP_STREAM_CLOSE = 4
+_MP_STREAM_GET_FILENO = 10
+
+s = ssl.wrap_socket(io.BytesIO(), server_side=1, do_handshake=0)
+
+if not hasattr(s, "ioctl"):
+    print("SKIP")
+    raise SystemExit
+
+# These ioctl's should be unsupported.
+for request in (-1, 0, _MP_STREAM_GET_FILENO):
+    try:
+        s.ioctl(request, 0)
+    except OSError:
+        print(request, "OSError")
+
+# These ioctl's should be supported.
+for request in (_MP_STREAM_CLOSE, _MP_STREAM_POLL, _MP_STREAM_CLOSE):
+    print(request, s.ioctl(request, 0))

tests/extmod/ssl_ioctl.py.exp

@@ -0,0 +1,6 @@
+-1 OSError
+0 OSError
+10 OSError
+4 0
+3 32
+4 32