diff options
author | Jeremy Hylton <jeremy@alum.mit.edu> | 2001-10-11 17:23:34 (GMT) |
---|---|---|
committer | Jeremy Hylton <jeremy@alum.mit.edu> | 2001-10-11 17:23:34 (GMT) |
commit | ba69936037788ddf0cf43047ecb5c3a00af20628 (patch) | |
tree | 58e57cf65561bbf0be0dca382475ac5b10b47fcb | |
parent | ae0013d3aa136bef90ab4f69d3d735cc2ed0aed1 (diff) | |
download | cpython-ba69936037788ddf0cf43047ecb5c3a00af20628.zip cpython-ba69936037788ddf0cf43047ecb5c3a00af20628.tar.gz cpython-ba69936037788ddf0cf43047ecb5c3a00af20628.tar.bz2 |
Commit parts of SF patch #462759
Use #define X509_NAME_MAXLEN for server/issuer length on an SSL
object.
Update doc strings for socket.ssl() and ssl methods read() and
write().
PySSL_SSLwrite(): Check return value and raise exception on error.
Use int for len instead of size_t. (All the function the size_t obj
was passed to our from expected an int!)
PySSL_SSLread(): Check return value of PyArg_ParseTuple()! More
robust checks of return values from SSL_read().
-rw-r--r-- | Modules/socketmodule.c | 136 |
1 files changed, 68 insertions, 68 deletions
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c index f8f522b..c492153 100644 --- a/Modules/socketmodule.c +++ b/Modules/socketmodule.c @@ -488,6 +488,8 @@ typedef struct { #ifdef USE_SSL +#define X509_NAME_MAXLEN 256 + typedef struct { PyObject_HEAD PySocketSockObject *Socket; /* Socket on which we're layered */ @@ -495,8 +497,8 @@ typedef struct { SSL* ssl; X509* server_cert; BIO* sbio; - char server[256]; - char issuer[256]; + char server[X509_NAME_MAXLEN]; + char issuer[X509_NAME_MAXLEN]; } PySSLObject; @@ -2563,8 +2565,8 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file) errstr = "newPySSLObject error"; goto fail; } - memset(self->server, '\0', sizeof(char) * 256); - memset(self->issuer, '\0', sizeof(char) * 256); + memset(self->server, '\0', sizeof(char) * X509_NAME_MAXLEN); + memset(self->issuer, '\0', sizeof(char) * X509_NAME_MAXLEN); self->server_cert = NULL; self->ssl = NULL; self->ctx = NULL; @@ -2612,9 +2614,9 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file) if ((self->server_cert = SSL_get_peer_certificate(self->ssl))) { X509_NAME_oneline(X509_get_subject_name(self->server_cert), - self->server, 256); + self->server, X509_NAME_MAXLEN); X509_NAME_oneline(X509_get_issuer_name(self->server_cert), - self->issuer, 256); + self->issuer, X509_NAME_MAXLEN); } self->Socket = Sock; Py_INCREF(self->Socket); @@ -2647,31 +2649,23 @@ PySocket_ssl(PyObject *self, PyObject *args) } static char ssl_doc[] = -"ssl(socket, keyfile, certfile) -> sslobject"; +"ssl(socket, [keyfile, certfile]) -> sslobject"; + +/* SSL object methods */ static PyObject * -PySSL_server(PySSLObject *self, PyObject *args) +PySSL_server(PySSLObject *self) { return PyString_FromString(self->server); } static PyObject * -PySSL_issuer(PySSLObject *self, PyObject *args) +PySSL_issuer(PySSLObject *self) { return PyString_FromString(self->issuer); } -/* SSL object methods */ - -static PyMethodDef PySSLMethods[] = { - {"write", (PyCFunction)PySSL_SSLwrite, 1}, - {"read", (PyCFunction)PySSL_SSLread, 1}, - {"server", (PyCFunction)PySSL_server, 1}, - {"issuer", (PyCFunction)PySSL_issuer, 1}, - {NULL, NULL} -}; - static void PySSL_dealloc(PySSLObject *self) { if (self->server_cert) /* Possible not to have one? */ @@ -2684,82 +2678,88 @@ static void PySSL_dealloc(PySSLObject *self) PyObject_Del(self); } -static PyObject *PySSL_getattr(PySSLObject *self, char *name) -{ - return Py_FindMethod(PySSLMethods, (PyObject *)self, name); -} - -staticforward PyTypeObject PySSL_Type = { - PyObject_HEAD_INIT(NULL) - 0, /*ob_size*/ - "SSL", /*tp_name*/ - sizeof(PySSLObject), /*tp_basicsize*/ - 0, /*tp_itemsize*/ - /* methods */ - (destructor)PySSL_dealloc, /*tp_dealloc*/ - 0, /*tp_print*/ - (getattrfunc)PySSL_getattr, /*tp_getattr*/ - 0, /*tp_setattr*/ - 0, /*tp_compare*/ - 0, /*tp_repr*/ - 0, /*tp_as_number*/ - 0, /*tp_as_sequence*/ - 0, /*tp_as_mapping*/ - 0, /*tp_hash*/ -}; - - - static PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args) { char *data; - size_t len; + int len; if (!PyArg_ParseTuple(args, "s#:write", &data, &len)) return NULL; len = SSL_write(self->ssl, data, len); - return PyInt_FromLong((long)len); + if (len > 0) + return PyInt_FromLong(len); + else + return PySSL_SetError(self->ssl, len); } +static char PySSL_SSLwrite_doc[] = +"write(s) -> len\n\ +\n\ +Writes the string s into the SSL object. Returns the number\n\ +of bytes written."; + static PyObject *PySSL_SSLread(PySSLObject *self, PyObject *args) { PyObject *buf; int count = 0; int len = 1024; - int res; - PyArg_ParseTuple(args, "|i:read", &len); + if (!PyArg_ParseTuple(args, "|i:read", &len)) + return NULL; if (!(buf = PyString_FromStringAndSize((char *) 0, len))) - return NULL; /* Error object should already be set */ + return NULL; count = SSL_read(self->ssl, PyString_AsString(buf), len); - res = SSL_get_error(self->ssl, count); - - switch (res) { - case SSL_ERROR_NONE: - assert(count > 0); - break; - case SSL_ERROR_ZERO_RETURN: /* normal EOF */ - assert(count == 0); - break; - default: - return PyErr_SetFromErrno(PySSLErrorObject); - } - - fflush(stderr); - - if (count < 0) { + if (count <= 0) { Py_DECREF(buf); - return PyErr_SetFromErrno(PySSLErrorObject); + return PySSL_SetError(self->ssl, count); } - if (count != len && _PyString_Resize(&buf, count) < 0) return NULL; return buf; } +static char PySSL_SSLread_doc[] = +"read([len]) -> string\n\ +\n\ +Read up to len bytes from the SSL socket."; + +static PyMethodDef PySSLMethods[] = { + {"write", (PyCFunction)PySSL_SSLwrite, 1, + PySSL_SSLwrite_doc}, + {"read", (PyCFunction)PySSL_SSLread, 1, + PySSL_SSLread_doc}, + {"server", (PyNoArgsFunction)PySSL_server, METH_NOARGS}, + {"issuer", (PyNoArgsFunction)PySSL_issuer, METH_NOARGS}, + {NULL, NULL} +}; + +static PyObject *PySSL_getattr(PySSLObject *self, char *name) +{ + return Py_FindMethod(PySSLMethods, (PyObject *)self, name); +} + +staticforward PyTypeObject PySSL_Type = { + PyObject_HEAD_INIT(NULL) + 0, /*ob_size*/ + "SSL", /*tp_name*/ + sizeof(PySSLObject), /*tp_basicsize*/ + 0, /*tp_itemsize*/ + /* methods */ + (destructor)PySSL_dealloc, /*tp_dealloc*/ + 0, /*tp_print*/ + (getattrfunc)PySSL_getattr, /*tp_getattr*/ + 0, /*tp_setattr*/ + 0, /*tp_compare*/ + 0, /*tp_repr*/ + 0, /*tp_as_number*/ + 0, /*tp_as_sequence*/ + 0, /*tp_as_mapping*/ + 0, /*tp_hash*/ +}; + #endif /* USE_SSL */ |