diff options
-rw-r--r-- | Lib/test/test_socket.py | 7 | ||||
-rw-r--r-- | Misc/NEWS | 2 | ||||
-rw-r--r-- | Modules/socketmodule.c | 17 |
3 files changed, 21 insertions, 5 deletions
diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py index 84f1359..b521521 100644 --- a/Lib/test/test_socket.py +++ b/Lib/test/test_socket.py @@ -583,6 +583,13 @@ class BasicUDPTest(ThreadedUDPSocketTest): def _testRecvFrom(self): self.cli.sendto(MSG, 0, (HOST, PORT)) + def testRecvFromNegative(self): + # Negative lengths passed to recvfrom should give ValueError. + self.assertRaises(ValueError, self.serv.recvfrom, -1) + + def _testRecvFromNegative(self): + self.cli.sendto(MSG, 0, (HOST, PORT)) + class TCPCloserTest(ThreadedTCPSocketTest): def testClose(self): @@ -134,6 +134,8 @@ Core and builtins Extension Modules ----------------- +- Bug #1688393: Prevent crash in socket.recvfrom if length is negative. + - Bug #1622896: fix a rare corner case where the bz2 module raised an error in spite of a succesful compression. diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c index 9f83327..f4d2ae6 100644 --- a/Modules/socketmodule.c +++ b/Modules/socketmodule.c @@ -2356,14 +2356,14 @@ sock_recv_into(PySocketSockObject *s, PyObject *args, PyObject *kwds) int buflen; /* Get the buffer's memory */ - if (!PyArg_ParseTupleAndKeywords(args, kwds, "w#|ii:recv", kwlist, + if (!PyArg_ParseTupleAndKeywords(args, kwds, "w#|ii:recv_into", kwlist, &buf, &buflen, &recvlen, &flags)) return NULL; assert(buf != 0 && buflen > 0); if (recvlen < 0) { PyErr_SetString(PyExc_ValueError, - "negative buffersize in recv"); + "negative buffersize in recv_into"); return NULL; } if (recvlen == 0) { @@ -2479,6 +2479,12 @@ sock_recvfrom(PySocketSockObject *s, PyObject *args) if (!PyArg_ParseTuple(args, "i|i:recvfrom", &recvlen, &flags)) return NULL; + if (recvlen < 0) { + PyErr_SetString(PyExc_ValueError, + "negative buffersize in recvfrom"); + return NULL; + } + buf = PyString_FromStringAndSize((char *) 0, recvlen); if (buf == NULL) return NULL; @@ -2525,14 +2531,15 @@ sock_recvfrom_into(PySocketSockObject *s, PyObject *args, PyObject* kwds) PyObject *addr = NULL; - if (!PyArg_ParseTupleAndKeywords(args, kwds, "w#|ii:recvfrom", kwlist, - &buf, &buflen, &recvlen, &flags)) + if (!PyArg_ParseTupleAndKeywords(args, kwds, "w#|ii:recvfrom_into", + kwlist, &buf, &buflen, + &recvlen, &flags)) return NULL; assert(buf != 0 && buflen > 0); if (recvlen < 0) { PyErr_SetString(PyExc_ValueError, - "negative buffersize in recv"); + "negative buffersize in recvfrom_into"); return NULL; } if (recvlen == 0) { |