From: Victor Stinner <victor.stinner@gmail.com>
Date: Sun, 23 Jun 2013 13:15:10 +0000 (+0200)
Subject: Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
X-Git-Tag: v2.7.6rc1~342
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4807df41ad7871f5fcf0e4568c71f8e101eb5738;p=thirdparty%2FPython%2Fcpython.git

Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
for strings longer than 2 gigabytes.
---

diff --git a/Misc/NEWS b/Misc/NEWS
index b45536689595..d7e15f387802 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -21,6 +21,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
+  for strings longer than 2 gigabytes.
+
 - Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
   when \r\n appears at end of 65535 bytes without other newlines.
 
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 195e5b6491f8..907429de160d 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1212,8 +1212,13 @@ static PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args)
         goto error;
     }
     do {
+        if (buf.len <= INT_MAX)
+            len = (int)buf.len;
+        else
+            len = INT_MAX;
+
         PySSL_BEGIN_ALLOW_THREADS
-        len = SSL_write(self->ssl, buf.buf, buf.len);
+        len = SSL_write(self->ssl, buf.buf, len);
         err = SSL_get_error(self->ssl, len);
         PySSL_END_ALLOW_THREADS
         if (PyErr_CheckSignals()) {