(Merge 3.3) Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now

vstinner · vstinner · commit 36e96b87165c · 2013-12-19T16:47:25.000+01:00
raise a ValueError if num is negative (instead of raising a SystemError).
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
@@ -150,6 +150,10 @@ def test_random(self):
         else:
             self.assertRaises(ssl.SSLError, ssl.RAND_bytes, 16)
 
+        # negative num is invalid
+        self.assertRaises(ValueError, ssl.RAND_bytes, -5)
+        self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
+
         self.assertRaises(TypeError, ssl.RAND_egd, 1)
         self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
         ssl.RAND_add("this is a random string", 75.0)
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -3244,6 +3244,11 @@ PySSL_RAND(int len, int pseudo)
     const char *errstr;
     PyObject *v;
 
+    if (len < 0) {
+        PyErr_SetString(PyExc_ValueError, "num must be positive");
+        return NULL;
+    }
+
     bytes = PyBytes_FromStringAndSize(NULL, len);
     if (bytes == NULL)
         return NULL;
