summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeremy Hylton <jeremy@alum.mit.edu>2001-10-11 17:23:34 (GMT)
committerJeremy Hylton <jeremy@alum.mit.edu>2001-10-11 17:23:34 (GMT)
commitba69936037788ddf0cf43047ecb5c3a00af20628 (patch)
tree58e57cf65561bbf0be0dca382475ac5b10b47fcb
parentae0013d3aa136bef90ab4f69d3d735cc2ed0aed1 (diff)
downloadcpython-ba69936037788ddf0cf43047ecb5c3a00af20628.zip
cpython-ba69936037788ddf0cf43047ecb5c3a00af20628.tar.gz
cpython-ba69936037788ddf0cf43047ecb5c3a00af20628.tar.bz2
Commit parts of SF patch #462759
Use #define X509_NAME_MAXLEN for server/issuer length on an SSL object. Update doc strings for socket.ssl() and ssl methods read() and write(). PySSL_SSLwrite(): Check return value and raise exception on error. Use int for len instead of size_t. (All the function the size_t obj was passed to our from expected an int!) PySSL_SSLread(): Check return value of PyArg_ParseTuple()! More robust checks of return values from SSL_read().
-rw-r--r--Modules/socketmodule.c136
1 files changed, 68 insertions, 68 deletions
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
index f8f522b..c492153 100644
--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
@@ -488,6 +488,8 @@ typedef struct {
#ifdef USE_SSL
+#define X509_NAME_MAXLEN 256
+
typedef struct {
PyObject_HEAD
PySocketSockObject *Socket; /* Socket on which we're layered */
@@ -495,8 +497,8 @@ typedef struct {
SSL* ssl;
X509* server_cert;
BIO* sbio;
- char server[256];
- char issuer[256];
+ char server[X509_NAME_MAXLEN];
+ char issuer[X509_NAME_MAXLEN];
} PySSLObject;
@@ -2563,8 +2565,8 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file)
errstr = "newPySSLObject error";
goto fail;
}
- memset(self->server, '\0', sizeof(char) * 256);
- memset(self->issuer, '\0', sizeof(char) * 256);
+ memset(self->server, '\0', sizeof(char) * X509_NAME_MAXLEN);
+ memset(self->issuer, '\0', sizeof(char) * X509_NAME_MAXLEN);
self->server_cert = NULL;
self->ssl = NULL;
self->ctx = NULL;
@@ -2612,9 +2614,9 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file)
if ((self->server_cert = SSL_get_peer_certificate(self->ssl))) {
X509_NAME_oneline(X509_get_subject_name(self->server_cert),
- self->server, 256);
+ self->server, X509_NAME_MAXLEN);
X509_NAME_oneline(X509_get_issuer_name(self->server_cert),
- self->issuer, 256);
+ self->issuer, X509_NAME_MAXLEN);
}
self->Socket = Sock;
Py_INCREF(self->Socket);
@@ -2647,31 +2649,23 @@ PySocket_ssl(PyObject *self, PyObject *args)
}
static char ssl_doc[] =
-"ssl(socket, keyfile, certfile) -> sslobject";
+"ssl(socket, [keyfile, certfile]) -> sslobject";
+
+/* SSL object methods */
static PyObject *
-PySSL_server(PySSLObject *self, PyObject *args)
+PySSL_server(PySSLObject *self)
{
return PyString_FromString(self->server);
}
static PyObject *
-PySSL_issuer(PySSLObject *self, PyObject *args)
+PySSL_issuer(PySSLObject *self)
{
return PyString_FromString(self->issuer);
}
-/* SSL object methods */
-
-static PyMethodDef PySSLMethods[] = {
- {"write", (PyCFunction)PySSL_SSLwrite, 1},
- {"read", (PyCFunction)PySSL_SSLread, 1},
- {"server", (PyCFunction)PySSL_server, 1},
- {"issuer", (PyCFunction)PySSL_issuer, 1},
- {NULL, NULL}
-};
-
static void PySSL_dealloc(PySSLObject *self)
{
if (self->server_cert) /* Possible not to have one? */
@@ -2684,82 +2678,88 @@ static void PySSL_dealloc(PySSLObject *self)
PyObject_Del(self);
}
-static PyObject *PySSL_getattr(PySSLObject *self, char *name)
-{
- return Py_FindMethod(PySSLMethods, (PyObject *)self, name);
-}
-
-staticforward PyTypeObject PySSL_Type = {
- PyObject_HEAD_INIT(NULL)
- 0, /*ob_size*/
- "SSL", /*tp_name*/
- sizeof(PySSLObject), /*tp_basicsize*/
- 0, /*tp_itemsize*/
- /* methods */
- (destructor)PySSL_dealloc, /*tp_dealloc*/
- 0, /*tp_print*/
- (getattrfunc)PySSL_getattr, /*tp_getattr*/
- 0, /*tp_setattr*/
- 0, /*tp_compare*/
- 0, /*tp_repr*/
- 0, /*tp_as_number*/
- 0, /*tp_as_sequence*/
- 0, /*tp_as_mapping*/
- 0, /*tp_hash*/
-};
-
-
-
static PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args)
{
char *data;
- size_t len;
+ int len;
if (!PyArg_ParseTuple(args, "s#:write", &data, &len))
return NULL;
len = SSL_write(self->ssl, data, len);
- return PyInt_FromLong((long)len);
+ if (len > 0)
+ return PyInt_FromLong(len);
+ else
+ return PySSL_SetError(self->ssl, len);
}
+static char PySSL_SSLwrite_doc[] =
+"write(s) -> len\n\
+\n\
+Writes the string s into the SSL object. Returns the number\n\
+of bytes written.";
+
static PyObject *PySSL_SSLread(PySSLObject *self, PyObject *args)
{
PyObject *buf;
int count = 0;
int len = 1024;
- int res;
- PyArg_ParseTuple(args, "|i:read", &len);
+ if (!PyArg_ParseTuple(args, "|i:read", &len))
+ return NULL;
if (!(buf = PyString_FromStringAndSize((char *) 0, len)))
- return NULL; /* Error object should already be set */
+ return NULL;
count = SSL_read(self->ssl, PyString_AsString(buf), len);
- res = SSL_get_error(self->ssl, count);
-
- switch (res) {
- case SSL_ERROR_NONE:
- assert(count > 0);
- break;
- case SSL_ERROR_ZERO_RETURN: /* normal EOF */
- assert(count == 0);
- break;
- default:
- return PyErr_SetFromErrno(PySSLErrorObject);
- }
-
- fflush(stderr);
-
- if (count < 0) {
+ if (count <= 0) {
Py_DECREF(buf);
- return PyErr_SetFromErrno(PySSLErrorObject);
+ return PySSL_SetError(self->ssl, count);
}
-
if (count != len && _PyString_Resize(&buf, count) < 0)
return NULL;
return buf;
}
+static char PySSL_SSLread_doc[] =
+"read([len]) -> string\n\
+\n\
+Read up to len bytes from the SSL socket.";
+
+static PyMethodDef PySSLMethods[] = {
+ {"write", (PyCFunction)PySSL_SSLwrite, 1,
+ PySSL_SSLwrite_doc},
+ {"read", (PyCFunction)PySSL_SSLread, 1,
+ PySSL_SSLread_doc},
+ {"server", (PyNoArgsFunction)PySSL_server, METH_NOARGS},
+ {"issuer", (PyNoArgsFunction)PySSL_issuer, METH_NOARGS},
+ {NULL, NULL}
+};
+
+static PyObject *PySSL_getattr(PySSLObject *self, char *name)
+{
+ return Py_FindMethod(PySSLMethods, (PyObject *)self, name);
+}
+
+staticforward PyTypeObject PySSL_Type = {
+ PyObject_HEAD_INIT(NULL)
+ 0, /*ob_size*/
+ "SSL", /*tp_name*/
+ sizeof(PySSLObject), /*tp_basicsize*/
+ 0, /*tp_itemsize*/
+ /* methods */
+ (destructor)PySSL_dealloc, /*tp_dealloc*/
+ 0, /*tp_print*/
+ (getattrfunc)PySSL_getattr, /*tp_getattr*/
+ 0, /*tp_setattr*/
+ 0, /*tp_compare*/
+ 0, /*tp_repr*/
+ 0, /*tp_as_number*/
+ 0, /*tp_as_sequence*/
+ 0, /*tp_as_mapping*/
+ 0, /*tp_hash*/
+};
+
#endif /* USE_SSL */