complain when nbytes > buflen to fix possible buffer overflow (closes #20246)

author: Benjamin Peterson <benjamin@python.org> 2014-01-14 03:59:38 (GMT)
committer: Benjamin Peterson <benjamin@python.org> 2014-01-14 03:59:38 (GMT)
commit: fbf648ebba32bbc5aa571a4b09e2062a65fd2492 (patch)
tree: 7d43948ea60cfe21b4db5007f8afd6700b230264 /Modules
parent: f60b7df9f8dd1df21921aa124a30bfd4fe9714b2 (diff)
download: cpython-fbf648ebba32bbc5aa571a4b09e2062a65fd2492.zip
cpython-fbf648ebba32bbc5aa571a4b09e2062a65fd2492.tar.gz
cpython-fbf648ebba32bbc5aa571a4b09e2062a65fd2492.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
index e027625..903e10c 100644
--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
@@ -2598,6 +2598,11 @@ sock_recvfrom_into(PySocketSockObject *s, PyObject *args, PyObject* kwds)
     if (recvlen == 0) {
         /* If nbytes was not specified, use the buffer's length */
         recvlen = buflen;
+    } else if (recvlen > buflen) {
+        PyBuffer_Release(&pbuf);
+        PyErr_SetString(PyExc_ValueError,
+                        "nbytes is greater than the length of the buffer");
+        return NULL;
     }
 
     readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);
author	Benjamin Peterson <benjamin@python.org>	2014-01-14 03:59:38 (GMT)
committer	Benjamin Peterson <benjamin@python.org>	2014-01-14 03:59:38 (GMT)
commit	fbf648ebba32bbc5aa571a4b09e2062a65fd2492 (patch)
tree	7d43948ea60cfe21b4db5007f8afd6700b230264 /Modules
parent	f60b7df9f8dd1df21921aa124a30bfd4fe9714b2 (diff)
download	cpython-fbf648ebba32bbc5aa571a4b09e2062a65fd2492.zip cpython-fbf648ebba32bbc5aa571a4b09e2062a65fd2492.tar.gz cpython-fbf648ebba32bbc5aa571a4b09e2062a65fd2492.tar.bz2