From 1e81a399a25edd23d76601c0c421bdad46b5c19c Mon Sep 17 00:00:00 2001
From: Victor Stinner
Date: Thu, 19 Dec 2013 16:47:04 +0100
Subject: [PATCH] Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a ValueError if num is negative (instead of raising a SystemError).
---
 Lib/test/test_ssl.py | 4 ++++
 Modules/_ssl.c | 5 +++++
 2 files changed, 9 insertions(+)
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index f235daf463..f3b5695a1c 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -126,6 +126,10 @@ class BasicSocketTests(unittest.TestCase):
 else: self.assertRaises(ssl.SSLError, ssl.RAND_bytes, 16)
+ # negative num is invalid
+ self.assertRaises(ValueError, ssl.RAND_bytes, -5)
+ self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
+ self.assertRaises(TypeError, ssl.RAND_egd, 1)
 self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
 ssl.RAND_add("this is a random string", 75.0)
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 374d930166..4b02d8d2dd 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2486,6 +2486,11 @@ PySSL_RAND(int len, int pseudo)
 const char *errstr;
 PyObject *v;
+ if (len < 0) {
+ PyErr_SetString(PyExc_ValueError, "num must be positive");
+ return NULL;
+ }
+ bytes = PyBytes_FromStringAndSize(NULL, len);
 if (bytes == NULL) return NULL;
-- 
2.40.0
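Review bot: The two added assertions exercise only `-5`, so the boundary of the new check is not pinned: nothing in this hunk says whether `0` is accepted or rejected, even though the C-side message reads "num must be positive". If the if-branch above the visible `else:` (outside this hunk) is the one that runs when the PRNG is seeded, a check there such as `self.assertEqual(ssl.RAND_bytes(0), b'')` would record the intended behaviour; that placement is inferred and should be confirmed. Adding `-1` next to `-5` would also cover the smallest rejected value.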
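Review bot: The new guard in PySSL_RAND rejects only `len < 0`, but its message says "num must be positive", so a request for 0 bytes is accepted while the error text implies it is not. Wording it as `PyErr_SetString(PyExc_ValueError, "num must be non-negative");` would match the condition. Putting the check ahead of `PyBytes_FromStringAndSize(NULL, len)` is the right place, since it stops a negative size before the output buffer is allocated; a short comment such as `/* reject negative sizes before allocating the output buffer */` would record that intent. PySSL_RAND's body starts and continues outside the hunk, so how `len` is parsed from the Python argument is not visible here.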