mirror of
https://github.com/python/cpython.git
synced 2025-07-23 03:05:38 +00:00
Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer than 2 gigabytes. The ssl module does not support partial write.
This commit is contained in:
parent
51cee7d24a
commit
6efa965a27
2 changed files with 11 additions and 5 deletions
|
@ -38,9 +38,10 @@ Core and Builtins
|
||||||
Library
|
Library
|
||||||
-------
|
-------
|
||||||
|
|
||||||
- Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
|
- Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
|
||||||
and in ssl.SSLContext.load_cert_chain() for strings and passwords longer than
|
string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain()
|
||||||
2 gigabytes.
|
raises a ValueError if the password is longer than 2 gigabytes. The ssl
|
||||||
|
module does not support partial write.
|
||||||
|
|
||||||
- Issue #18248: Fix libffi build on AIX.
|
- Issue #18248: Fix libffi build on AIX.
|
||||||
|
|
||||||
|
|
|
@ -1264,6 +1264,12 @@ static PyObject *PySSL_SSLwrite(PySSLSocket *self, PyObject *args)
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (buf.len > INT_MAX) {
|
||||||
|
PyErr_Format(PyExc_OverflowError,
|
||||||
|
"string longer than %d bytes", INT_MAX);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
/* just in case the blocking state of the socket has been changed */
|
/* just in case the blocking state of the socket has been changed */
|
||||||
nonblocking = (sock->sock_timeout >= 0.0);
|
nonblocking = (sock->sock_timeout >= 0.0);
|
||||||
BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
|
BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
|
||||||
|
@ -1284,9 +1290,8 @@ static PyObject *PySSL_SSLwrite(PySSLSocket *self, PyObject *args)
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
do {
|
do {
|
||||||
len = (int)Py_MIN(buf.len, INT_MAX);
|
|
||||||
PySSL_BEGIN_ALLOW_THREADS
|
PySSL_BEGIN_ALLOW_THREADS
|
||||||
len = SSL_write(self->ssl, buf.buf, len);
|
len = SSL_write(self->ssl, buf.buf, (int)buf.len);
|
||||||
err = SSL_get_error(self->ssl, len);
|
err = SSL_get_error(self->ssl, len);
|
||||||
PySSL_END_ALLOW_THREADS
|
PySSL_END_ALLOW_THREADS
|
||||||
if (PyErr_CheckSignals()) {
|
if (PyErr_CheckSignals()) {
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue