Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(5)

Unified Diff: Modules/_ssl.c

Issue 18135: _ssl module: possible integer overflow for very long strings (+2^31 bytes)
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Misc/NEWS ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
--- a/Modules/_ssl.c Mon Jun 24 20:38:46 2013 +0100
+++ b/Modules/_ssl.c Mon Jun 24 22:19:39 2013 +0200
@@ -1264,6 +1264,12 @@ static PyObject *PySSL_SSLwrite(PySSLSoc
return NULL;
}
+ if (buf.len > INT_MAX) {
+ PyErr_Format(PyExc_OverflowError,
+ "string longer than %d bytes", INT_MAX);
+ goto error;
+ }
+
/* just in case the blocking state of the socket has been changed */
nonblocking = (sock->sock_timeout >= 0.0);
BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
@@ -1284,9 +1290,8 @@ static PyObject *PySSL_SSLwrite(PySSLSoc
goto error;
}
do {
- len = (int)Py_MIN(buf.len, INT_MAX);
PySSL_BEGIN_ALLOW_THREADS
- len = SSL_write(self->ssl, buf.buf, len);
+ len = SSL_write(self->ssl, buf.buf, (int)buf.len);
err = SSL_get_error(self->ssl, len);
PySSL_END_ALLOW_THREADS
if (PyErr_CheckSignals()) {
« no previous file with comments | « Misc/NEWS ('k') | no next file » | no next file with comments »

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+