Issue #26644: Merge SSL negative read fix from 3.5
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 8b72ca9..f86bbc1b 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -2783,6 +2783,13 @@
# consume data
s.read()
+ # read(-1, buffer) is supported, even though read(-1) is not
+ data = b"data"
+ s.send(data)
+ buffer = bytearray(len(data))
+ self.assertEqual(s.read(-1, buffer), len(data))
+ self.assertEqual(buffer, data)
+
# Make sure sendmsg et al are disallowed to avoid
# inadvertent disclosure of data and/or corruption
# of the encrypted data stream
@@ -2792,6 +2799,10 @@
s.recvmsg_into, bytearray(100))
s.write(b"over\n")
+
+ self.assertRaises(ValueError, s.recv, -1)
+ self.assertRaises(ValueError, s.read, -1)
+
s.close()
def test_nonblocking_send(self):
diff --git a/Misc/NEWS b/Misc/NEWS
index 83dee73..c70b3e0 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -232,6 +232,9 @@
Library
-------
+- Issue #26644: Raise ValueError rather than SystemError when a negative
+ length is passed to SSLSocket.recv() or read().
+
- Issue #26616: Fixed a bug in datetime.astimezone() method.
- Issue #26637: The :mod:`importlib` module now emits an :exc:`ImportError`
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index c96237e..838d5ba 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1895,6 +1895,11 @@
_PyTime_t timeout, deadline = 0;
int has_timeout;
+ if (!group_right_1 && len < 0) {
+ PyErr_SetString(PyExc_ValueError, "size should not be negative");
+ return NULL;
+ }
+
if (sock != NULL) {
if (((PyObject*)sock) == Py_None) {
_setSSLError("Underlying socket connection gone",