Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()

for strings longer than 2 gigabytes.

Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
for strings longer than 2 gigabytes.
4807df41 · Victor Stinner · 76038810 · 4807df41 · 4807df41
Commit 4807df41 authored Jun 23, 2013 by Victor Stinner
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 1 deletion

Misc/NEWS Misc/NEWS +3 -0

Modules/_ssl.c Modules/_ssl.c +6 -1

No files found.
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -21,6 +21,9 @@ Core and Builtins
 Library
 -------

+- Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
+  for strings longer than 2 gigabytes.
+
 - Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
  when \r\n appears at end of 65535 bytes without other newlines.


--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1212,8 +1212,13 @@ static PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args)
        goto error;
    }
    do {
+        if (buf.len <= INT_MAX)
+            len = (int)buf.len;
+        else
+            len = INT_MAX;
+
        PySSL_BEGIN_ALLOW_THREADS
-        len = SSL_write(self->ssl, buf.buf, buf.len);
+        len = SSL_write(self->ssl, buf.buf, len);
        err = SSL_get_error(self->ssl, len);
        PySSL_END_ALLOW_THREADS
        if (PyErr_CheckSignals()) {