From e2efb0a3c573bce7cef6d9d821a27417f7bce578 Mon Sep 17 00:00:00 2001 From: Segev Finer Date: Thu, 29 Jun 2017 22:22:46 +0300 Subject: [PATCH 1/3] bpo-9566: Fixed some _ssl warnings --- Modules/_ssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/_ssl.c b/Modules/_ssl.c index a79a7470d20a3a..65b1ee8d5938ea 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -1555,7 +1555,7 @@ cipher_to_dict(const SSL_CIPHER *cipher) cipher_protocol = SSL_CIPHER_get_version(cipher); cipher_id = SSL_CIPHER_get_id(cipher); SSL_CIPHER_description(cipher, buf, sizeof(buf) - 1); - len = strlen(buf); + len = (int)strlen(buf); if (len > 1 && buf[len-1] == '\n') buf[len-1] = '\0'; strength_bits = SSL_CIPHER_get_bits(cipher, &alg_bits); @@ -4073,7 +4073,7 @@ memory_bio_dealloc(PySSLMemoryBIO *self) static PyObject * memory_bio_get_pending(PySSLMemoryBIO *self, void *c) { - return PyLong_FromLong(BIO_ctrl_pending(self->bio)); + return PyLong_FromSize_t(BIO_ctrl_pending(self->bio)); } PyDoc_STRVAR(PySSL_memory_bio_pending_doc, @@ -4109,7 +4109,7 @@ _ssl_MemoryBIO_read_impl(PySSLMemoryBIO *self, int len) int avail, nbytes; PyObject *result; - avail = BIO_ctrl_pending(self->bio); + avail = (int)BIO_ctrl_pending(self->bio); if ((len < 0) || (len > avail)) len = avail; From 1793f48af9af1a1fdc2c0735a55344cd01bd4bc7 Mon Sep 17 00:00:00 2001 From: Segev Finer Date: Fri, 30 Jun 2017 11:45:53 +0300 Subject: [PATCH 2/3] bpo-9566: _ssl: Fixup the fixes and also fix the remainings warnings --- Modules/_ssl.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 65b1ee8d5938ea..cac631761160cc 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -285,7 +285,7 @@ typedef struct { #endif #ifdef HAVE_ALPN unsigned char *alpn_protocols; - int alpn_protocols_len; + unsigned int alpn_protocols_len; #endif #ifndef OPENSSL_NO_TLSEXT PyObject *set_hostname; @@ -2939,12 +2939,18 @@ _ssl__SSLContext__set_alpn_protocols_impl(PySSLContext *self, /*[clinic end generated code: output=87599a7f76651a9b input=9bba964595d519be]*/ { #ifdef HAVE_ALPN + if (protos->len > UINT_MAX) { + PyErr_Format(PyExc_OverflowError, + "protocols longer than %d bytes", UINT_MAX); + return NULL; + } + PyMem_FREE(self->alpn_protocols); self->alpn_protocols = PyMem_Malloc(protos->len); if (!self->alpn_protocols) return PyErr_NoMemory(); memcpy(self->alpn_protocols, protos->buf, protos->len); - self->alpn_protocols_len = protos->len; + self->alpn_protocols_len = (unsigned int)protos->len; if (SSL_CTX_set_alpn_protos(self->ctx, self->alpn_protocols, self->alpn_protocols_len)) return PyErr_NoMemory(); @@ -4109,7 +4115,7 @@ _ssl_MemoryBIO_read_impl(PySSLMemoryBIO *self, int len) int avail, nbytes; PyObject *result; - avail = (int)BIO_ctrl_pending(self->bio); + avail = (int)Py_MIN(BIO_ctrl_pending(self->bio), INT_MAX); if ((len < 0) || (len > avail)) len = avail; @@ -4155,7 +4161,7 @@ _ssl_MemoryBIO_write_impl(PySSLMemoryBIO *self, Py_buffer *b) return NULL; } - nbytes = BIO_write(self->bio, b->buf, b->len); + nbytes = BIO_write(self->bio, b->buf, (int)b->len); if (nbytes < 0) { _setSSLError(NULL, 0, __FILE__, __LINE__); return NULL; From e8380af3188326748fcec8d8c8a68f9de921d655 Mon Sep 17 00:00:00 2001 From: Segev Finer Date: Wed, 26 Jul 2017 19:14:30 +0300 Subject: [PATCH 3/3] Add a comment about the downcast --- Modules/_ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/_ssl.c b/Modules/_ssl.c index cac631761160cc..9f1c2131fbc88c 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -1555,6 +1555,7 @@ cipher_to_dict(const SSL_CIPHER *cipher) cipher_protocol = SSL_CIPHER_get_version(cipher); cipher_id = SSL_CIPHER_get_id(cipher); SSL_CIPHER_description(cipher, buf, sizeof(buf) - 1); + /* Downcast to avoid a warning. Safe since buf is always 512 bytes */ len = (int)strlen(buf); if (len > 1 && buf[len-1] == '\n') buf[len-1] = '\0';