changeset: 100763:af92651c22e9 branch: 3.5 parent: 100755:3b702ed7fe35 user: Martin Panter date: Sun Mar 27 05:35:19 2016 +0000 files: Lib/test/test_ssl.py Misc/NEWS Modules/_ssl.c description: Issue #26644: Raise ValueError for negative SSLSocket.recv() and read() diff -r 3b702ed7fe35 -r af92651c22e9 Lib/test/test_ssl.py --- a/Lib/test/test_ssl.py Mon Mar 14 18:09:39 2016 +0100 +++ b/Lib/test/test_ssl.py Sun Mar 27 05:35:19 2016 +0000 @@ -2792,6 +2792,13 @@ # consume data s.read() + # read(-1, buffer) is supported, even though read(-1) is not + data = b"data" + s.send(data) + buffer = bytearray(len(data)) + self.assertEqual(s.read(-1, buffer), len(data)) + self.assertEqual(buffer, data) + # Make sure sendmsg et al are disallowed to avoid # inadvertent disclosure of data and/or corruption # of the encrypted data stream @@ -2801,6 +2808,10 @@ s.recvmsg_into, bytearray(100)) s.write(b"over\n") + + self.assertRaises(ValueError, s.recv, -1) + self.assertRaises(ValueError, s.read, -1) + s.close() def test_nonblocking_send(self): diff -r 3b702ed7fe35 -r af92651c22e9 Misc/NEWS --- a/Misc/NEWS Mon Mar 14 18:09:39 2016 +0100 +++ b/Misc/NEWS Sun Mar 27 05:35:19 2016 +0000 @@ -94,6 +94,9 @@ Library ------- +- Issue #26644: Raise ValueError rather than SystemError when a negative + length is passed to SSLSocket.recv() or read(). + - Issue #26616: Fixed a bug in datetime.astimezone() method. - Issue #21925: :func:`warnings.formatwarning` now catches exceptions on diff -r 3b702ed7fe35 -r af92651c22e9 Modules/_ssl.c --- a/Modules/_ssl.c Mon Mar 14 18:09:39 2016 +0100 +++ b/Modules/_ssl.c Sun Mar 27 05:35:19 2016 +0000 @@ -1895,6 +1895,11 @@ _PyTime_t timeout, deadline = 0; int has_timeout; + if (!group_right_1 && len < 0) { + PyErr_SetString(PyExc_ValueError, "size should not be negative"); + return NULL; + } + if (sock != NULL) { if (((PyObject*)sock) == Py_None) { _setSSLError("Underlying socket connection gone",