From b8089b4dde2986da237ee471c8f3645ec8a5975f Mon Sep 17 00:00:00 2001
From: Martin Panter <vadmium+py@gmail.com>
Date: Sun, 27 Mar 2016 05:35:19 +0000
Subject: Issue #26644: Raise ValueError for negative SSLSocket.recv() and
 read()

---
 Modules/_ssl.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'Modules/_ssl.c')

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 8f34f955cf..23d4d5ceab 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1695,6 +1695,10 @@ static PyObject *PySSL_SSLread(PySSLSocket *self, PyObject *args)
         goto error;
 
     if ((buf.buf == NULL) && (buf.obj == NULL)) {
+        if (len < 0) {
+            PyErr_SetString(PyExc_ValueError, "size should not be negative");
+            goto error;
+        }
         dest = PyBytes_FromStringAndSize(NULL, len);
         if (dest == NULL)
             goto error;
-- 
cgit v1.2.1