[Python-checkins] cpython (3.3): Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input

victor.stinner python-checkins at python.org
Tue Jun 25 00:44:03 CEST 2013 

http://hg.python.org/cpython/rev/bfede07268a1
changeset:   84332:bfede07268a1
branch:      3.3
parent:      84323:4a114b0db866
user:        Victor Stinner <victor.stinner at gmail.com>
date:        Tue Jun 25 00:42:31 2013 +0200
summary:
  Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises
a ValueError if the password is longer than 2 gigabytes. The ssl module does
not support partial write.

files:
  Misc/NEWS      |  7 ++++---
  Modules/_ssl.c |  9 +++++++--
  2 files changed, 11 insertions(+), 5 deletions(-)


diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -38,9 +38,10 @@
 Library
 -------
 
-- Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
-  and in ssl.SSLContext.load_cert_chain() for strings and passwords longer than
-  2 gigabytes.
+- Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
+  string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain()
+  raises a ValueError if the password is longer than 2 gigabytes. The ssl
+  module does not support partial write.
 
 - Issue #18248: Fix libffi build on AIX.
 
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1264,6 +1264,12 @@
         return NULL;
     }
 
+    if (buf.len > INT_MAX) {
+        PyErr_Format(PyExc_OverflowError,
+                     "string longer than %d bytes", INT_MAX);
+        goto error;
+    }
+
     /* just in case the blocking state of the socket has been changed */
     nonblocking = (sock->sock_timeout >= 0.0);
     BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
@@ -1284,9 +1290,8 @@
         goto error;
     }
     do {
-        len = (int)Py_MIN(buf.len, INT_MAX);
         PySSL_BEGIN_ALLOW_THREADS
-        len = SSL_write(self->ssl, buf.buf, len);
+        len = SSL_write(self->ssl, buf.buf, (int)buf.len);
         err = SSL_get_error(self->ssl, len);
         PySSL_END_ALLOW_THREADS
         if (PyErr_CheckSignals()) {

-- 
Repository URL: http://hg.python.org/cpython

More information about the Python-checkins mailing list