
Index: pyOpenSSL-23.2.0/src/OpenSSL/SSL.py
===================================================================
--- pyOpenSSL-23.2.0.orig/src/OpenSSL/SSL.py
+++ pyOpenSSL-23.2.0/src/OpenSSL/SSL.py
@@ -670,11 +670,15 @@ class _CookieGenerateCallbackHelper(_Cal
     def __init__(self, callback):
         _CallbackExceptionHelper.__init__(self)
 
+        max_cookie_len = getattr(_lib, "DTLS1_COOKIE_LENGTH", 255)
+
         @wraps(callback)
         def wrapper(ssl, out, outlen):
             try:
                 conn = Connection._reverse_mapping[ssl]
                 cookie = callback(conn)
+                if len(cookie) > max_cookie_len:
+                    raise ValueError("Cookie too long (got %s bytes, max %s)" % (len(cookie), max_cookie_len))
                 out[0 : len(cookie)] = cookie
                 outlen[0] = len(cookie)
                 return 1
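Review bot: The new bound on the `len(cookie) > max_cookie_len` line is the right place for the check, but the fallback of 255 in `getattr(_lib, "DTLS1_COOKIE_LENGTH", 255)` is undocumented and a reader cannot tell why that value is safe; a comment such as `# Size of the fixed buffer OpenSSL hands the callback as 'out'; 255 also matches the one-byte cookie length field in DTLS, so it is a safe bound if the binding lacks the constant.` would capture the reasoning. The slice assignment `out[0 : len(cookie)] = cookie` on the following line is presumably where an oversized cookie previously overran the buffer, so the guard must stay ahead of it and any future refactor should not reorder the two. A non-bytes return (for example `str`) still reaches the slice assignment and fails there with a TypeError rather than a clear message; if the maintainers want a single validation point, `if not isinstance(cookie, bytes): raise TypeError("Cookie must be bytes")` could sit next to the length check. The body of `wrapper`, including the `except` clause that turns the raised ValueError into the callback's return value, continues outside the hunk.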
Index: pyOpenSSL-23.2.0/tests/test_ssl.py
===================================================================
--- pyOpenSSL-23.2.0.orig/tests/test_ssl.py
+++ pyOpenSSL-23.2.0/tests/test_ssl.py
@@ -4548,6 +4548,44 @@ class TestDTLS:
         except NotImplementedError:  # OpenSSL 1.1.0 and earlier
             pass
 
+    def test_cookie_generate_too_long(self):
+        s_ctx = Context(DTLS_METHOD)
+
+        def generate_cookie(ssl):
+            return b"\x00" * 256
+
+        def verify_cookie(ssl, cookie):
+            return True
+
+        s_ctx.set_cookie_generate_callback(generate_cookie)
+        s_ctx.set_cookie_verify_callback(verify_cookie)
+        s_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
+        s_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
+        s_ctx.set_options(OP_NO_QUERY_MTU)
+        s = Connection(s_ctx)
+        s.set_accept_state()
+
+        c_ctx = Context(DTLS_METHOD)
+        c_ctx.set_options(OP_NO_QUERY_MTU)
+        c = Connection(c_ctx)
+        c.set_connect_state()
+
+        c.set_ciphertext_mtu(1500)
+        s.set_ciphertext_mtu(1500)
+
+        # Client sends ClientHello
+        try:
+            c.do_handshake()
+        except SSL.WantReadError:
+            pass
+        chunk = c.bio_read(self.LARGE_BUFFER)
+        s.bio_write(chunk)
+
+        # Server tries DTLSv1_listen, which triggers cookie generation.
+        # The oversized cookie should raise ValueError.
+        with pytest.raises(ValueError, match="Cookie too long"):
+            s.DTLSv1_listen()
+
     def test_timeout(self, monkeypatch):
         c_ctx = Context(DTLS_METHOD)
         c = Connection(c_ctx)
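Review bot: `test_cookie_generate_too_long` only exercises the rejecting side of a `>` comparison; a cookie of exactly the maximum length (255 bytes with the patch's fallback) is the boundary that distinguishes `>` from `>=`, and nothing here checks that it is still accepted, so a sibling test that returns `b"\x00" * 255` from `generate_cookie` and expects `DTLSv1_listen()` to proceed (or raise only `WantReadError`) would pin the boundary. The hard-coded `b"\x00" * 256` also silently assumes the bound is 255; if the test module can reach the same constant the patch reads from `_lib`, deriving the length from it would keep the test honest on builds where the constant differs. The `match="Cookie too long"` string couples the test to the exact message wording from the SSL.py hunk; that is acceptable but worth a brief comment so a later message edit updates both places. `self.LARGE_BUFFER` and `SSL.WantReadError` are used without definition in the hunk, so they are presumably provided by the enclosing `TestDTLS` class and module imports outside this view.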