[Python-checkins] cpython (2.7): Issue #26644: Raise ValueError for negative SSLSocket.recv() and read()
martin.panter
python-checkins at python.org
Sun Mar 27 06:41:31 EDT 2016
https://hg.python.org/cpython/rev/b84d136e0028
changeset: 100764:b84d136e0028
branch: 2.7
parent: 100689:3b57d76ddd0a
user: Martin Panter <vadmium+py at gmail.com>
date: Sun Mar 27 05:35:19 2016 +0000
summary:
Issue #26644: Raise ValueError for negative SSLSocket.recv() and read()
files:
Lib/test/test_ssl.py | 11 +++++++++++
Misc/NEWS | 3 +++
Modules/_ssl.c | 4 ++++
3 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -2622,7 +2622,18 @@
# consume data
s.read()
+ # read(-1, buffer) is supported, even though read(-1) is not
+ data = b"data"
+ s.send(data)
+ buffer = bytearray(len(data))
+ self.assertEqual(s.read(-1, buffer), len(data))
+ self.assertEqual(buffer, data)
+
s.write(b"over\n")
+
+ self.assertRaises(ValueError, s.recv, -1)
+ self.assertRaises(ValueError, s.read, -1)
+
s.close()
def test_handshake_timeout(self):
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -61,6 +61,9 @@
Library
-------
+- Issue #26644: Raise ValueError rather than SystemError when a negative
+ length is passed to SSLSocket.recv() or read().
+
- Issue #24266: Ctrl+C during Readline history search now cancels the search
mode when compiled with Readline 7.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1695,6 +1695,10 @@
goto error;
if ((buf.buf == NULL) && (buf.obj == NULL)) {
+ if (len < 0) {
+ PyErr_SetString(PyExc_ValueError, "size should not be negative");
+ goto error;
+ }
dest = PyBytes_FromStringAndSize(NULL, len);
if (dest == NULL)
goto error;
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list