Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython2 / 65407fb7344d4ecdeecb8733831365c23a713ab6^! / .
commit65407fb7344d4ecdeecb8733831365c23a713ab6[log] [tgz]
authorNeal Norwitz <nnorwitz@gmail.com>Sat Mar 31 18:56:11 2007 +0000
committerNeal Norwitz <nnorwitz@gmail.com>Sat Mar 31 18:56:11 2007 +0000
treea9b6176ba4cbda35577e3b437a3ab2732cefde16
parentef9e09e737914c9c5d91cf177df43fdad4be6000 [diff]
Backport 54594:
Fix SF #1688393, sock.recvfrom(-24) crashes

Also fix some method names that were copied incorrectly (trunk fixed).

diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
index 84f1359..b521521 100644
--- a/Lib/test/test_socket.py
+++ b/Lib/test/test_socket.py

@@ -583,6 +583,13 @@
     def _testRecvFrom(self):
         self.cli.sendto(MSG, 0, (HOST, PORT))
 
+    def testRecvFromNegative(self):
+        # Negative lengths passed to recvfrom should give ValueError.
+        self.assertRaises(ValueError, self.serv.recvfrom, -1)
+
+    def _testRecvFromNegative(self):
+        self.cli.sendto(MSG, 0, (HOST, PORT))
+
 class TCPCloserTest(ThreadedTCPSocketTest):
 
     def testClose(self):

diff --git a/Misc/NEWS b/Misc/NEWS
index 5ac9a81..77aa414 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS

@@ -134,6 +134,8 @@
 Extension Modules
 -----------------
 
+- Bug #1688393: Prevent crash in socket.recvfrom if length is negative.
+
 - Bug #1622896: fix a rare corner case where the bz2 module raised an
   error in spite of a succesful compression.
 

diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
index 9f83327..f4d2ae6 100644
--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c

@@ -2356,14 +2356,14 @@
 	int buflen;
 
 	/* Get the buffer's memory */
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "w#|ii:recv", kwlist,
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "w#|ii:recv_into", kwlist,
 					 &buf, &buflen, &recvlen, &flags))
 		return NULL;
 	assert(buf != 0 && buflen > 0);
 
 	if (recvlen < 0) {
 		PyErr_SetString(PyExc_ValueError,
-				"negative buffersize in recv");
+				"negative buffersize in recv_into");
 		return NULL;
 	}
 	if (recvlen == 0) {
@@ -2479,6 +2479,12 @@
 	if (!PyArg_ParseTuple(args, "i|i:recvfrom", &recvlen, &flags))
 		return NULL;
 
+	if (recvlen < 0) {
+		PyErr_SetString(PyExc_ValueError,
+				"negative buffersize in recvfrom");
+		return NULL;
+	}
+
 	buf = PyString_FromStringAndSize((char *) 0, recvlen);
 	if (buf == NULL)
 		return NULL;
@@ -2525,14 +2531,15 @@
 
 	PyObject *addr = NULL;
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "w#|ii:recvfrom", kwlist,
-					 &buf, &buflen, &recvlen, &flags))
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "w#|ii:recvfrom_into",
+					 kwlist, &buf, &buflen,
+					 &recvlen, &flags))
 		return NULL;
 	assert(buf != 0 && buflen > 0);
 
 	if (recvlen < 0) {
 		PyErr_SetString(PyExc_ValueError,
-				"negative buffersize in recv");
+				"negative buffersize in recvfrom_into");
 		return NULL;
 	}
 	if (recvlen == 0) {