summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Lib/test/test_socket.py7
-rw-r--r--Misc/NEWS2
-rw-r--r--Modules/socketmodule.c17
3 files changed, 21 insertions, 5 deletions
diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
index 84f1359..b521521 100644
--- a/Lib/test/test_socket.py
+++ b/Lib/test/test_socket.py
@@ -583,6 +583,13 @@ class BasicUDPTest(ThreadedUDPSocketTest):
def _testRecvFrom(self):
self.cli.sendto(MSG, 0, (HOST, PORT))
+ def testRecvFromNegative(self):
+ # Negative lengths passed to recvfrom should give ValueError.
+ self.assertRaises(ValueError, self.serv.recvfrom, -1)
+
+ def _testRecvFromNegative(self):
+ self.cli.sendto(MSG, 0, (HOST, PORT))
+
class TCPCloserTest(ThreadedTCPSocketTest):
def testClose(self):
diff --git a/Misc/NEWS b/Misc/NEWS
index 5ac9a81..77aa414 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -134,6 +134,8 @@ Core and builtins
Extension Modules
-----------------
+- Bug #1688393: Prevent crash in socket.recvfrom if length is negative.
+
- Bug #1622896: fix a rare corner case where the bz2 module raised an
error in spite of a succesful compression.
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
index 9f83327..f4d2ae6 100644
--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
@@ -2356,14 +2356,14 @@ sock_recv_into(PySocketSockObject *s, PyObject *args, PyObject *kwds)
int buflen;
/* Get the buffer's memory */
- if (!PyArg_ParseTupleAndKeywords(args, kwds, "w#|ii:recv", kwlist,
+ if (!PyArg_ParseTupleAndKeywords(args, kwds, "w#|ii:recv_into", kwlist,
&buf, &buflen, &recvlen, &flags))
return NULL;
assert(buf != 0 && buflen > 0);
if (recvlen < 0) {
PyErr_SetString(PyExc_ValueError,
- "negative buffersize in recv");
+ "negative buffersize in recv_into");
return NULL;
}
if (recvlen == 0) {
@@ -2479,6 +2479,12 @@ sock_recvfrom(PySocketSockObject *s, PyObject *args)
if (!PyArg_ParseTuple(args, "i|i:recvfrom", &recvlen, &flags))
return NULL;
+ if (recvlen < 0) {
+ PyErr_SetString(PyExc_ValueError,
+ "negative buffersize in recvfrom");
+ return NULL;
+ }
+
buf = PyString_FromStringAndSize((char *) 0, recvlen);
if (buf == NULL)
return NULL;
@@ -2525,14 +2531,15 @@ sock_recvfrom_into(PySocketSockObject *s, PyObject *args, PyObject* kwds)
PyObject *addr = NULL;
- if (!PyArg_ParseTupleAndKeywords(args, kwds, "w#|ii:recvfrom", kwlist,
- &buf, &buflen, &recvlen, &flags))
+ if (!PyArg_ParseTupleAndKeywords(args, kwds, "w#|ii:recvfrom_into",
+ kwlist, &buf, &buflen,
+ &recvlen, &flags))
return NULL;
assert(buf != 0 && buflen > 0);
if (recvlen < 0) {
PyErr_SetString(PyExc_ValueError,
- "negative buffersize in recv");
+ "negative buffersize in recvfrom_into");
return NULL;
}
if (recvlen == 0) {