changeset:   100764:b84d136e0028
branch:      2.7
parent:      100689:3b57d76ddd0a
user:        Martin Panter <vadmium+py@gmail.com>
date:        Sun Mar 27 05:35:19 2016 +0000
files:       Lib/test/test_ssl.py Misc/NEWS Modules/_ssl.c
description:
Issue #26644: Raise ValueError for negative SSLSocket.recv() and read()


diff -r 3b57d76ddd0a -r b84d136e0028 Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py	Wed Mar 23 13:17:23 2016 +0100
+++ b/Lib/test/test_ssl.py	Sun Mar 27 05:35:19 2016 +0000
@@ -2622,7 +2622,18 @@
                         # consume data
                         s.read()
 
+                # read(-1, buffer) is supported, even though read(-1) is not
+                data = b"data"
+                s.send(data)
+                buffer = bytearray(len(data))
+                self.assertEqual(s.read(-1, buffer), len(data))
+                self.assertEqual(buffer, data)
+
                 s.write(b"over\n")
+
+                self.assertRaises(ValueError, s.recv, -1)
+                self.assertRaises(ValueError, s.read, -1)
+
                 s.close()
 
         def test_handshake_timeout(self):
diff -r 3b57d76ddd0a -r b84d136e0028 Misc/NEWS
--- a/Misc/NEWS	Wed Mar 23 13:17:23 2016 +0100
+++ b/Misc/NEWS	Sun Mar 27 05:35:19 2016 +0000
@@ -61,6 +61,9 @@
 Library
 -------
 
+- Issue #26644: Raise ValueError rather than SystemError when a negative
+  length is passed to SSLSocket.recv() or read().
+
 - Issue #24266: Ctrl+C during Readline history search now cancels the search
   mode when compiled with Readline 7.
 
diff -r 3b57d76ddd0a -r b84d136e0028 Modules/_ssl.c
--- a/Modules/_ssl.c	Wed Mar 23 13:17:23 2016 +0100
+++ b/Modules/_ssl.c	Sun Mar 27 05:35:19 2016 +0000
@@ -1695,6 +1695,10 @@
         goto error;
 
     if ((buf.buf == NULL) && (buf.obj == NULL)) {
+        if (len < 0) {
+            PyErr_SetString(PyExc_ValueError, "size should not be negative");
+            goto error;
+        }
         dest = PyBytes_FromStringAndSize(NULL, len);
         if (dest == NULL)
             goto error;