Our Windows 64-bit buildbot has interesting warnings:

..\Modules\_ssl.c(493): warning C4244: 'function' : conversion from 'SOCKET_T' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]
  ..\Modules\_ssl.c(1304): warning C4244: 'function' : conversion from 'SOCKET_T' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]
  ..\Modules\_ssl.c(1306): warning C4244: 'function' : conversion from 'SOCKET_T' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]
  ..\Modules\_ssl.c(1360): warning C4244: 'function' : conversion from 'Py_ssize_t' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]
  ..\Modules\_ssl.c(1655): warning C4267: '=' : conversion from 'size_t' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]
  ..\Modules\_ssl.c(1659): warning C4267: '=' : conversion from 'size_t' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]
  ..\Modules\_ssl.c(2109): warning C4244: 'return' : conversion from 'Py_ssize_t' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]

http://buildbot.python.org/all/builders/AMD64%20Windows7%20SP1%203.x/builds/2042/steps/compile/logs/warnings%20%28532%29

It looks like the _ssl.c module does mix int and size_t types. Attached patch should fix 3 warnings. I didn't test my patch except running test_ssl (with success on my Linux x64 box).

The patch contains a lot of unrelated trailing spaces changes. Could you please commit they separately? See also issue15550.

New changeset f0d934732ab1 by Victor Stinner in branch '3.3':
Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
http://hg.python.org/cpython/rev/f0d934732ab1

New changeset f90d82a75a43 by Victor Stinner in branch 'default':
(Merge 3.3) Issue #18135: Fix a possible integer overflow in
http://hg.python.org/cpython/rev/f90d82a75a43

New changeset d7e22acb2315 by Victor Stinner in branch '2.7':
Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
http://hg.python.org/cpython/rev/d7e22acb2315

I'm sorry to chime in a bit late, but I think this isn't the correct solution. Right now partial writes are not possible on a SSL socket, but this commit makes them possible. See http://bugs.python.org/issue8240 and http://bugs.python.org/issue12197 for some background.

I think the right solution here would be to raise OverflowError, not truncate the output.

> Right now partial writes are not possible on a SSL socket, but this commit makes them possible.

Oh, I didn't know (forgot) that SSL does allow partial write by default.

> I think the right solution here would be to raise OverflowError, not truncate the output.

Do you mean always? Or only if the SSL_MODE_ENABLE_PARTIAL_WRITE option is not set?

> > I think the right solution here would be to raise OverflowError, not truncate the output.
> 
> Do you mean always? Or only if the SSL_MODE_ENABLE_PARTIAL_WRITE option is not set?

SSL_MODE_ENABLE_PARTIAL_WRITE is never set.

> I think the right solution here would be to raise OverflowError, not truncate the output.

Here is a new patch (for Python 3.3) always raising OverflowError if the string is longer than INT_MAX bytes.

Fixed patch: ssl_overflow-2.patch.

New changeset bfede07268a1 by Victor Stinner in branch '3.3':
Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
http://hg.python.org/cpython/rev/bfede07268a1

New changeset 12a388024d5b by Victor Stinner in branch 'default':
(Merge 3.3) Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if
http://hg.python.org/cpython/rev/12a388024d5b

New changeset a29eaffa7d72 by Victor Stinner in branch '2.7':
Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
http://hg.python.org/cpython/rev/a29eaffa7d72

Re-close?