Message79996
The read() method on ssl objects can take a buffer as a parameter, but
the method is buggy in this case:
- it only accepts bytearrays, while it should accept any object
supporting the buffer protocol in write mode
- when the object is not a bytearray, it returns NULL without setting
the current exception
- since it doesn't attempt to get a buffer export from the object, there
is no protection and the buffer could be resized while the method
releases the GIL, leading to a likely crash
This patch solves all three issues. Note that I'm not able to write an
unit test for it, because test_ssl.py is too high-level (it looks more
like functional tests than unit tests). Also, the only reason I
discovered this is that it made some tests fail on the io-in-C branch
(which uses readinto() a lot). I'm a complete SSL newbie. |
|
Date |
User |
Action |
Args |
2009-01-17 02:36:53 | pitrou | set | recipients:
+ pitrou, janssen |
2009-01-17 02:36:52 | pitrou | set | messageid: <1232159812.52.0.781690409094.issue4967@psf.upfronthosting.co.za> |
2009-01-17 02:36:50 | pitrou | link | issue4967 messages |
2009-01-17 02:36:48 | pitrou | create | |
|