Library
-------
+- Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
+ and in ssl.SSLContext.load_cert_chain() for strings and passwords longer than
+ 2 gigabytes.
+
- Issue #18248: Fix libffi build on AIX.
- Issue #18259: Declare sethostname in socketmodule.c for AIX
goto error;
}
do {
+ len = (int)Py_MIN(buf.len, INT_MAX);
PySSL_BEGIN_ALLOW_THREADS
- len = SSL_write(self->ssl, buf.buf, buf.len);
+ len = SSL_write(self->ssl, buf.buf, len);
err = SSL_get_error(self->ssl, len);
PySSL_END_ALLOW_THREADS
if (PyErr_CheckSignals()) {
{
PyObject *retval = NULL;
char buf[PySSL_CB_MAXLEN];
- int len;
+ size_t len;
if (SSL_session_reused(self->ssl) ^ !self->socket_type) {
/* if session is resumed XOR we are the client */
}
/* It cannot be negative in current OpenSSL version as of July 2011 */
- assert(len >= 0);
if (len == 0)
Py_RETURN_NONE;
PyThreadState *thread_state;
PyObject *callable;
char *password;
- Py_ssize_t size;
+ int size;
int error;
} _PySSLPasswordInfo;
goto error;
}
+ if (size > (Py_ssize_t)INT_MAX) {
+ PyErr_Format(PyExc_ValueError,
+ "password cannot be longer than %d bytes", INT_MAX);
+ goto error;
+ }
+
free(pw_info->password);
pw_info->password = malloc(size);
if (!pw_info->password) {
goto error;
}
memcpy(pw_info->password, data, size);
- pw_info->size = size;
+ pw_info->size = (int)size;
Py_XDECREF(password_bytes);
return 1;
projects / python / commitdiff