[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
Terry J. Reedy added the comment:

Re-close?

--
nosy: +terry.reedy

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18135
___
___
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
Changes by STINNER Victor victor.stin...@gmail.com:

--
status: open -> closed
[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
STINNER Victor added the comment:

Fixed patch: ssl_overflow-2.patch.

--
Added file: http://bugs.python.org/file30692/ssl_overflow-2.patch
[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
Roundup Robot added the comment:

New changeset bfede07268a1 by Victor Stinner in branch '3.3':
Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
http://hg.python.org/cpython/rev/bfede07268a1

New changeset 12a388024d5b by Victor Stinner in branch 'default':
(Merge 3.3) Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if
http://hg.python.org/cpython/rev/12a388024d5b
[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
Roundup Robot added the comment:

New changeset a29eaffa7d72 by Victor Stinner in branch '2.7':
Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
http://hg.python.org/cpython/rev/a29eaffa7d72
[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
Roundup Robot added the comment:

New changeset f0d934732ab1 by Victor Stinner in branch '3.3':
Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
http://hg.python.org/cpython/rev/f0d934732ab1

New changeset f90d82a75a43 by Victor Stinner in branch 'default':
(Merge 3.3) Issue #18135: Fix a possible integer overflow in
http://hg.python.org/cpython/rev/f90d82a75a43

New changeset d7e22acb2315 by Victor Stinner in branch '2.7':
Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
http://hg.python.org/cpython/rev/d7e22acb2315

--
nosy: +python-dev
[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
Changes by STINNER Victor victor.stin...@gmail.com:

--
resolution: -> fixed
status: open -> closed
[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
Antoine Pitrou added the comment:

I'm sorry to chime in a bit late, but I think this isn't the correct solution. Right now partial writes are not possible on an SSL socket, but this commit makes them possible. See http://bugs.python.org/issue8240 and http://bugs.python.org/issue12197 for some background.

I think the right solution here would be to raise OverflowError, not truncate the output.

--
status: closed -> open
[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
Antoine Pitrou added the comment:

>> I think the right solution here would be to raise OverflowError, not truncate the output.
>
> Do you mean always? Or only if the SSL_MODE_ENABLE_PARTIAL_WRITE option is not set?

SSL_MODE_ENABLE_PARTIAL_WRITE is never set.
[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
STINNER Victor added the comment:

> Right now partial writes are not possible on an SSL socket, but this commit makes them possible.

Oh, I didn't know (forgot) that SSL does allow partial write by default.

> I think the right solution here would be to raise OverflowError, not truncate the output.

Do you mean always? Or only if the SSL_MODE_ENABLE_PARTIAL_WRITE option is not set?
[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
STINNER Victor added the comment:

> I think the right solution here would be to raise OverflowError, not truncate the output.

Here is a new patch (for Python 3.3) always raising OverflowError if the string is longer than INT_MAX bytes.

--
Added file: http://bugs.python.org/file30676/ssl_overflow.patch
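
The difference between the two fixes discussed in this thread, as an added C example that is not code from _ssl.c or from any of the attached patches. `fake_ssl_write`, the three `write_*` functions and `WRITE_OVERFLOW` are hypothetical names, `long long` stands in for `Py_ssize_t`, and clamping to INT_MAX is an assumed form of the truncation.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-in for an SSL_write-style call: the length is an int,
   and the return value is the byte count it was asked to send. */
static int fake_ssl_write(const void *buf, int num)
{
    (void)buf;
    return num;
}

#define WRITE_OVERFLOW (-2LL)  /* hypothetical code standing in for OverflowError */

/* Unchecked: the 64-bit length is narrowed to int. With the usual
   two's-complement wraparound only the low 32 bits survive. */
long long write_unchecked(const void *buf, long long len)
{
    return fake_ssl_write(buf, (int)len);
}

/* Truncating fix: never overflows, but sends at most INT_MAX bytes,
   so a caller that expects all-or-nothing now sees a partial write. */
long long write_clamped(const void *buf, long long len)
{
    int n = len > INT_MAX ? INT_MAX : (int)len;
    return fake_ssl_write(buf, n);
}

/* Rejecting fix: refuse lengths that do not fit in an int. */
long long write_checked(const void *buf, long long len)
{
    if (len > INT_MAX)
        return WRITE_OVERFLOW;
    return fake_ssl_write(buf, (int)len);
}

int main(void)
{
    long long len = (1LL << 32) + 5;   /* constructed length just over 4 GiB */
    printf("unchecked: %lld\n", write_unchecked(NULL, len));
    printf("clamped:   %lld\n", write_clamped(NULL, len));
    printf("checked:   %lld\n", write_checked(NULL, len));
    return 0;
}
```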
[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
Serhiy Storchaka added the comment:

The patch contains a lot of unrelated trailing spaces changes. Could you please commit them separately? See also issue15550.
[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
New submission from STINNER Victor:

Our Windows 64-bit buildbot has interesting warnings:

..\Modules\_ssl.c(493): warning C4244: 'function' : conversion from 'SOCKET_T' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]
..\Modules\_ssl.c(1304): warning C4244: 'function' : conversion from 'SOCKET_T' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]
..\Modules\_ssl.c(1306): warning C4244: 'function' : conversion from 'SOCKET_T' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]
..\Modules\_ssl.c(1360): warning C4244: 'function' : conversion from 'Py_ssize_t' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]
..\Modules\_ssl.c(1655): warning C4267: '=' : conversion from 'size_t' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]
..\Modules\_ssl.c(1659): warning C4267: '=' : conversion from 'size_t' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]
..\Modules\_ssl.c(2109): warning C4244: 'return' : conversion from 'Py_ssize_t' to 'int', possible loss of data [C:\buildbot.python.org\3.x.kloth-win64\build\PCbuild\_ssl.vcxproj]

http://buildbot.python.org/all/builders/AMD64%20Windows7%20SP1%203.x/builds/2042/steps/compile/logs/warnings%20%28532%29

It looks like the _ssl.c module does mix int and size_t types. Attached patch should fix 3 warnings.

I didn't test my patch except running test_ssl (with success on my Linux x64 box).

--
files: ssl_int.patch
keywords: patch
messages: 190614
nosy: haypo, pitrou
priority: normal
severity: normal
status: open
title: _ssl module: possible integer overflow for very long strings (+2^31 bytes)
versions: Python 2.7, Python 3.3, Python 3.4
Added file: http://bugs.python.org/file30464/ssl_int.patch
[issue18135] _ssl module: possible integer overflow for very long strings (+2^31 bytes)
Changes by Serhiy Storchaka storch...@gmail.com:

--
nosy: +serhiy.storchaka