diff -r 0dc0a86bcda1 Modules/_ssl.c --- a/Modules/_ssl.c Tue Jun 04 23:18:48 2013 +0200 +++ b/Modules/_ssl.c Tue Jun 04 23:34:27 2013 +0200 @@ -205,7 +205,7 @@ typedef struct { int npn_protocols_len; #endif #ifndef OPENSSL_NO_TLSEXT - PyObject *set_hostname; + PyObject *set_hostname; #endif } PySSLContext; @@ -1170,7 +1170,7 @@ static PyObject *PySSL_selected_npn_prot const unsigned char *out; unsigned int outlen; - SSL_get0_next_proto_negotiated(self->ssl, + SSL_get0_next_proto_negotiated(self->ssl, &out, &outlen); if (out == NULL) @@ -1356,8 +1356,9 @@ static PyObject *PySSL_SSLwrite(PySSLSoc goto error; } do { + len = (int)Py_MIN(buf.len, INT_MAX); PySSL_BEGIN_ALLOW_THREADS - len = SSL_write(self->ssl, buf.buf, buf.len); + len = SSL_write(self->ssl, buf.buf, len); err = SSL_get_error(self->ssl, len); PySSL_END_ALLOW_THREADS if (PyErr_CheckSignals()) { @@ -1648,7 +1649,7 @@ PySSL_tls_unique_cb(PySSLSocket *self) { PyObject *retval = NULL; char buf[PySSL_CB_MAXLEN]; - int len; + size_t len; if (SSL_session_reused(self->ssl) ^ !self->socket_type) { /* if session is resumed XOR we are the client */ @@ -1660,7 +1661,6 @@ PySSL_tls_unique_cb(PySSLSocket *self) } /* It cannot be negative in current OpenSSL version as of July 2011 */ - assert(len >= 0); if (len == 0) Py_RETURN_NONE; @@ -1803,7 +1803,7 @@ context_new(PyTypeObject *type, PyObject self->npn_protocols = NULL; #endif #ifndef OPENSSL_NO_TLSEXT - self->set_hostname = NULL; + self->set_hostname = NULL; #endif /* Defaults */ SSL_CTX_set_verify(self->ctx, SSL_VERIFY_NONE, NULL); @@ -1871,8 +1871,8 @@ set_ciphers(PySSLContext *self, PyObject #ifdef OPENSSL_NPN_NEGOTIATED /* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */ static int -_advertiseNPN_cb(SSL *s, - const unsigned char **data, unsigned int *len, +_advertiseNPN_cb(SSL *s, + const unsigned char **data, unsigned int *len, void *args) { PySSLContext *ssl_ctx = (PySSLContext *) args; @@ -1889,7 +1889,7 @@ static int } /* this callback gets passed to SSL_CTX_set_next_proto_select_cb */ static int -_selectNPN_cb(SSL *s, +_selectNPN_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, void *args) @@ -2023,7 +2023,7 @@ typedef struct { PyThreadState *thread_state; PyObject *callable; char *password; - Py_ssize_t size; + int size; int error; } _PySSLPasswordInfo; @@ -2057,6 +2057,12 @@ static int goto error; } + if (size > INT_MAX) { + PyErr_Format(PyExc_ValueError, + "password cannot be longer than %d bytes", INT_MAX); + goto error; + } + free(pw_info->password); pw_info->password = malloc(size); if (!pw_info->password) { @@ -2065,7 +2071,7 @@ static int goto error; } memcpy(pw_info->password, data, size); - pw_info->size = size; + pw_info->size = (int)size; Py_XDECREF(password_bytes); return 1; @@ -2450,7 +2456,7 @@ static int if (ssl_socket == Py_None) { goto error; } - + if (servername == NULL) { result = PyObject_CallFunctionObjArgs(ssl_ctx->set_hostname, ssl_socket, Py_None, ssl_ctx, NULL); @@ -3157,7 +3163,7 @@ PyInit__ssl(void) } if (PyModule_AddObject(m, "lib_codes_to_names", lib_codes_to_names)) return NULL; - + /* OpenSSL version */ /* SSLeay() gives us the version of the library linked against, which could be different from the headers version.