Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input

string in longer than 2 gigabytes. The ssl module does not support partial
write.

diff --git a/Misc/NEWS b/Misc/NEWS
index 09d252a1174a98b5d3f3f181e360c061bcb6cad9..fff0032c26898a91d50f8e53b707ff8083ef1966 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -24,8 +24,9 @@ Core and Builtins
 Library
 -------
 
-- Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
-  for strings longer than 2 gigabytes.
+- Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
+  string in longer than 2 gigabytes. The ssl module does not support partial
+  write.
 
 - Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
   when \r\n appears at end of 65535 bytes without other newlines.

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 907429de160da3bf02ed7c789ec2fd575ceb1244..afcc0174ab8ddc63af1bbd672cae4fe366d3df4b 100644 (file)
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1192,6 +1192,12 @@ static PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args)
     if (!PyArg_ParseTuple(args, "s*:write", &buf))
         return NULL;
 
+    if (buf.len > INT_MAX) {
+        PyErr_Format(PyExc_OverflowError,
+                     "string longer than %d bytes", INT_MAX);
+        goto error;
+    }
+
     /* just in case the blocking state of the socket has been changed */
     nonblocking = (self->Socket->sock_timeout >= 0.0);
     BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
@@ -1212,13 +1218,8 @@ static PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args)
         goto error;
     }
     do {
-        if (buf.len <= INT_MAX)
-            len = (int)buf.len;
-        else
-            len = INT_MAX;
-
         PySSL_BEGIN_ALLOW_THREADS
-        len = SSL_write(self->ssl, buf.buf, len);
+        len = SSL_write(self->ssl, buf.buf, (int)buf.len);
         err = SSL_get_error(self->ssl, len);
         PySSL_END_ALLOW_THREADS
         if (PyErr_CheckSignals()) {