Library
-------
-- Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
- and in ssl.SSLContext.load_cert_chain() for strings and passwords longer than
- 2 gigabytes.
+- Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
+ string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain()
+ raises a ValueError if the password is longer than 2 gigabytes. The ssl
+ module does not support partial write.
- Issue #18248: Fix libffi build on AIX.
return NULL;
}
+ if (buf.len > INT_MAX) {
+ PyErr_Format(PyExc_OverflowError,
+ "string longer than %d bytes", INT_MAX);
+ goto error;
+ }
+
/* just in case the blocking state of the socket has been changed */
nonblocking = (sock->sock_timeout >= 0.0);
BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
goto error;
}
do {
- len = (int)Py_MIN(buf.len, INT_MAX);
PySSL_BEGIN_ALLOW_THREADS
- len = SSL_write(self->ssl, buf.buf, len);
+ len = SSL_write(self->ssl, buf.buf, (int)buf.len);
err = SSL_get_error(self->ssl, len);
PySSL_END_ALLOW_THREADS
if (PyErr_CheckSignals()) {
projects / thirdparty / Python / cpython.git / commitdiff
