diff options
author | Maximilian Hils <git@maximilianhils.com> | 2017-02-10 14:56:55 +0100 |
---|---|---|
committer | Hynek Schlawack <hs@ox.cx> | 2017-02-10 14:56:55 +0100 |
commit | 868dc3c25404d3be232c209ec15f976e434668d5 (patch) | |
tree | c922b90ab3cabce0c2a03f0f7f1dfd1c724196a8 /src/OpenSSL/SSL.py | |
parent | b748099426db3963c7b06d2e0aec29e12e016c07 (diff) | |
download | pyopenssl-868dc3c25404d3be232c209ec15f976e434668d5.tar.gz |
Limit SSL_write bufsize to avoid OverflowErrors (#603)
* limit SSL_write bufsize to avoid OverflowErrors
* fix .send() truncation, add test
Diffstat (limited to 'src/OpenSSL/SSL.py')
-rw-r--r-- | src/OpenSSL/SSL.py | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py index d4158d4..8bbde5b 100644 --- a/src/OpenSSL/SSL.py +++ b/src/OpenSSL/SSL.py @@ -1455,6 +1455,8 @@ class Connection(object): buf = str(buf) if not isinstance(buf, bytes): raise TypeError("data must be a memoryview, buffer or byte string") + if len(buf) > 2147483647: + raise ValueError("Cannot send more than 2**31-1 bytes at once.") result = _lib.SSL_write(self._ssl, buf, len(buf)) self._raise_ssl_error(self._ssl, result) @@ -1486,7 +1488,13 @@ class Connection(object): data = _ffi.new("char[]", buf) while left_to_send: - result = _lib.SSL_write(self._ssl, data + total_sent, left_to_send) + # SSL_write's num arg is an int, + # so we cannot send more than 2**31-1 bytes at once. + result = _lib.SSL_write( + self._ssl, + data + total_sent, + min(left_to_send, 2147483647) + ) self._raise_ssl_error(self._ssl, result) total_sent += result left_to_send -= result |