# HG changeset patch
# Parent  82da02b5bf222f37109772ef22cc1031fe478c29
Issue #26644: Raise ValueError for negative SSLSocket.recv() and read()

diff -r 82da02b5bf22 Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py	Sat Mar 26 01:12:36 2016 +0100
+++ b/Lib/test/test_ssl.py	Sat Mar 26 08:00:01 2016 +0000
@@ -2801,6 +2801,10 @@
                                   s.recvmsg_into, bytearray(100))
 
                 s.write(b"over\n")
+
+                self.assertRaises(ValueError, s.recv, -1)
+                self.assertRaises(ValueError, s.read, -1)
+
                 s.close()
 
         def test_nonblocking_send(self):
diff -r 82da02b5bf22 Misc/NEWS
--- a/Misc/NEWS	Sat Mar 26 01:12:36 2016 +0100
+++ b/Misc/NEWS	Sat Mar 26 08:00:01 2016 +0000
@@ -232,6 +232,9 @@
 Library
 -------
 
+- Issue #26644: Raise ValueError rather than SystemError when a negative
+  length is passed to SSLSocket.recv() or read().
+
 - Issue #26616: Fixed a bug in datetime.astimezone() method.
 
 - Issue #26637: The :mod:`importlib` module now emits an :exc:`ImportError`
diff -r 82da02b5bf22 Modules/_ssl.c
--- a/Modules/_ssl.c	Sat Mar 26 01:12:36 2016 +0100
+++ b/Modules/_ssl.c	Sat Mar 26 08:00:01 2016 +0000
@@ -1895,6 +1895,11 @@
     _PyTime_t timeout, deadline = 0;
     int has_timeout;
 
+    if (len < 0) {
+        PyErr_SetString(PyExc_ValueError, "len should not be negative");
+        return NULL;
+    }
+
     if (sock != NULL) {
         if (((PyObject*)sock) == Py_None) {
             _setSSLError("Underlying socket connection gone",