(Merge 3.3) Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if

the input string in longer than 2 gigabytes, and
ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer
than 2 gigabytes. The ssl module does not support partial write.

1 files changed, 7 insertions, 2 deletions

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index dce84c0..4208cb0 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1338,6 +1338,12 @@ static PyObject *PySSL_SSLwrite(PySSLSocket *self, PyObject *args)
         return NULL;
     }
 
+    if (buf.len > INT_MAX) {
+        PyErr_Format(PyExc_OverflowError,
+                     "string longer than %d bytes", INT_MAX);
+        goto error;
+    }
+
     /* just in case the blocking state of the socket has been changed */
     nonblocking = (sock->sock_timeout >= 0.0);
     BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
@@ -1358,9 +1364,8 @@ static PyObject *PySSL_SSLwrite(PySSLSocket *self, PyObject *args)
         goto error;
     }
     do {
-        len = (int)Py_MIN(buf.len, INT_MAX);
         PySSL_BEGIN_ALLOW_THREADS
-        len = SSL_write(self->ssl, buf.buf, len);
+        len = SSL_write(self->ssl, buf.buf, (int)buf.len);
         err = SSL_get_error(self->ssl, len);
         PySSL_END_ALLOW_THREADS
         if (PyErr_CheckSignals()) {