Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
string in longer than 2 gigabytes. The ssl module does not support partial
write.
diff --git a/Misc/NEWS b/Misc/NEWS
index 09d252a..fff0032 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -24,8 +24,9 @@
Library
-------
-- Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
- for strings longer than 2 gigabytes.
+- Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
+ string in longer than 2 gigabytes. The ssl module does not support partial
+ write.
- Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
when \r\n appears at end of 65535 bytes without other newlines.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 907429d..afcc017 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1192,6 +1192,12 @@
if (!PyArg_ParseTuple(args, "s*:write", &buf))
return NULL;
+ if (buf.len > INT_MAX) {
+ PyErr_Format(PyExc_OverflowError,
+ "string longer than %d bytes", INT_MAX);
+ goto error;
+ }
+
/* just in case the blocking state of the socket has been changed */
nonblocking = (self->Socket->sock_timeout >= 0.0);
BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
@@ -1212,13 +1218,8 @@
goto error;
}
do {
- if (buf.len <= INT_MAX)
- len = (int)buf.len;
- else
- len = INT_MAX;
-
PySSL_BEGIN_ALLOW_THREADS
- len = SSL_write(self->ssl, buf.buf, len);
+ len = SSL_write(self->ssl, buf.buf, (int)buf.len);
err = SSL_get_error(self->ssl, len);
PySSL_END_ALLOW_THREADS
if (PyErr_CheckSignals()) {