summaryrefslogtreecommitdiffstats
path: root/Modules/socketmodule.c
diff options
context:
space:
mode:
authorBenjamin Peterson <benjamin@python.org>2014-01-14 03:59:38 (GMT)
committerBenjamin Peterson <benjamin@python.org>2014-01-14 03:59:38 (GMT)
commitfbf648ebba32bbc5aa571a4b09e2062a65fd2492 (patch)
tree7d43948ea60cfe21b4db5007f8afd6700b230264 /Modules/socketmodule.c
parentf60b7df9f8dd1df21921aa124a30bfd4fe9714b2 (diff)
downloadcpython-fbf648ebba32bbc5aa571a4b09e2062a65fd2492.zip
cpython-fbf648ebba32bbc5aa571a4b09e2062a65fd2492.tar.gz
cpython-fbf648ebba32bbc5aa571a4b09e2062a65fd2492.tar.bz2
complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
Diffstat (limited to 'Modules/socketmodule.c')
-rw-r--r--Modules/socketmodule.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
index e027625..903e10c 100644
--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
@@ -2598,6 +2598,11 @@ sock_recvfrom_into(PySocketSockObject *s, PyObject *args, PyObject* kwds)
if (recvlen == 0) {
/* If nbytes was not specified, use the buffer's length */
recvlen = buflen;
+ } else if (recvlen > buflen) {
+ PyBuffer_Release(&pbuf);
+ PyErr_SetString(PyExc_ValueError,
+ "nbytes is greater than the length of the buffer");
+ return NULL;
}
readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);