[Python-checkins] cpython (2.7): Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
victor.stinner
python-checkins at python.org
Sun Jun 23 15:18:52 CEST 2013
http://hg.python.org/cpython/rev/d7e22acb2315
changeset: 84272:d7e22acb2315
branch: 2.7
parent: 84268:d2b4f59943fa
user: Victor Stinner <victor.stinner at gmail.com>
date: Sun Jun 23 15:15:10 2013 +0200
summary:
Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
for strings longer than 2 gigabytes.
files:
Misc/NEWS | 3 +++
Modules/_ssl.c | 7 ++++++-
2 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -21,6 +21,9 @@
Library
-------
+- Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
+ for strings longer than 2 gigabytes.
+
- Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
when \r\n appears at end of 65535 bytes without other newlines.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1212,8 +1212,13 @@
goto error;
}
do {
+ if (buf.len <= INT_MAX)
+ len = (int)buf.len;
+ else
+ len = INT_MAX;
+
PySSL_BEGIN_ALLOW_THREADS
- len = SSL_write(self->ssl, buf.buf, buf.len);
+ len = SSL_write(self->ssl, buf.buf, len);
err = SSL_get_error(self->ssl, len);
PySSL_END_ALLOW_THREADS
if (PyErr_CheckSignals()) {
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list