[Python-checkins] bpo-339827: Do not swallow exceptions in the _ssl module. (GH-12756)
Serhiy Storchaka
webhook-mailer at python.org
Fri May 31 03:39:36 EDT 2019
https://github.com/python/cpython/commit/65fb2c08c0d66fcf96fb1eb06270feadec830866
commit: 65fb2c08c0d66fcf96fb1eb06270feadec830866
branch: master
author: Serhiy Storchaka <storchaka at gmail.com>
committer: GitHub <noreply at github.com>
date: 2019-05-31T10:39:15+03:00
summary:
bpo-339827: Do not swallow exceptions in the _ssl module. (GH-12756)
files:
M Modules/_ssl.c
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 755097256acb..4fb7dca9bb04 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -590,19 +590,18 @@ fill_and_set_sslerror(PySSLSocket *sslsock, PyObject *type, int ssl_errno,
key = Py_BuildValue("ii", lib, reason);
if (key == NULL)
goto fail;
- reason_obj = PyDict_GetItem(err_codes_to_names, key);
+ reason_obj = PyDict_GetItemWithError(err_codes_to_names, key);
Py_DECREF(key);
- if (reason_obj == NULL) {
- /* XXX if reason < 100, it might reflect a library number (!!) */
- PyErr_Clear();
+ if (reason_obj == NULL && PyErr_Occurred()) {
+ goto fail;
}
key = PyLong_FromLong(lib);
if (key == NULL)
goto fail;
- lib_obj = PyDict_GetItem(lib_codes_to_names, key);
+ lib_obj = PyDict_GetItemWithError(lib_codes_to_names, key);
Py_DECREF(key);
- if (lib_obj == NULL) {
- PyErr_Clear();
+ if (lib_obj == NULL && PyErr_Occurred()) {
+ goto fail;
}
if (errstr == NULL)
errstr = ERR_reason_error_string(errcode);
@@ -3682,7 +3681,7 @@ _pwinfo_set(_PySSLPasswordInfo *pw_info, PyObject* password,
Py_ssize_t size;
if (PyUnicode_Check(password)) {
- password_bytes = PyUnicode_AsEncodedString(password, NULL, NULL);
+ password_bytes = PyUnicode_AsUTF8String(password);
if (!password_bytes) {
goto error;
}
@@ -3787,13 +3786,17 @@ _ssl__SSLContext_load_cert_chain_impl(PySSLContext *self, PyObject *certfile,
if (keyfile == Py_None)
keyfile = NULL;
if (!PyUnicode_FSConverter(certfile, &certfile_bytes)) {
- PyErr_SetString(PyExc_TypeError,
- "certfile should be a valid filesystem path");
+ if (PyErr_ExceptionMatches(PyExc_TypeError)) {
+ PyErr_SetString(PyExc_TypeError,
+ "certfile should be a valid filesystem path");
+ }
return NULL;
}
if (keyfile && !PyUnicode_FSConverter(keyfile, &keyfile_bytes)) {
- PyErr_SetString(PyExc_TypeError,
- "keyfile should be a valid filesystem path");
+ if (PyErr_ExceptionMatches(PyExc_TypeError)) {
+ PyErr_SetString(PyExc_TypeError,
+ "keyfile should be a valid filesystem path");
+ }
goto error;
}
if (password && password != Py_None) {
@@ -3985,22 +3988,44 @@ _ssl__SSLContext_load_verify_locations_impl(PySSLContext *self,
goto error;
}
if (cafile && !PyUnicode_FSConverter(cafile, &cafile_bytes)) {
- PyErr_SetString(PyExc_TypeError,
- "cafile should be a valid filesystem path");
+ if (PyErr_ExceptionMatches(PyExc_TypeError)) {
+ PyErr_SetString(PyExc_TypeError,
+ "cafile should be a valid filesystem path");
+ }
goto error;
}
if (capath && !PyUnicode_FSConverter(capath, &capath_bytes)) {
- PyErr_SetString(PyExc_TypeError,
- "capath should be a valid filesystem path");
+ if (PyErr_ExceptionMatches(PyExc_TypeError)) {
+ PyErr_SetString(PyExc_TypeError,
+ "capath should be a valid filesystem path");
+ }
goto error;
}
/* validata cadata type and load cadata */
if (cadata) {
- Py_buffer buf;
- PyObject *cadata_ascii = NULL;
-
- if (PyObject_GetBuffer(cadata, &buf, PyBUF_SIMPLE) == 0) {
+ if (PyUnicode_Check(cadata)) {
+ PyObject *cadata_ascii = PyUnicode_AsASCIIString(cadata);
+ if (cadata_ascii == NULL) {
+ if (PyErr_ExceptionMatches(PyExc_UnicodeEncodeError)) {
+ goto invalid_cadata;
+ }
+ goto error;
+ }
+ r = _add_ca_certs(self,
+ PyBytes_AS_STRING(cadata_ascii),
+ PyBytes_GET_SIZE(cadata_ascii),
+ SSL_FILETYPE_PEM);
+ Py_DECREF(cadata_ascii);
+ if (r == -1) {
+ goto error;
+ }
+ }
+ else if (PyObject_CheckBuffer(cadata)) {
+ Py_buffer buf;
+ if (PyObject_GetBuffer(cadata, &buf, PyBUF_SIMPLE)) {
+ goto error;
+ }
if (!PyBuffer_IsContiguous(&buf, 'C') || buf.ndim > 1) {
PyBuffer_Release(&buf);
PyErr_SetString(PyExc_TypeError,
@@ -4013,23 +4038,13 @@ _ssl__SSLContext_load_verify_locations_impl(PySSLContext *self,
if (r == -1) {
goto error;
}
- } else {
- PyErr_Clear();
- cadata_ascii = PyUnicode_AsASCIIString(cadata);
- if (cadata_ascii == NULL) {
- PyErr_SetString(PyExc_TypeError,
- "cadata should be an ASCII string or a "
- "bytes-like object");
- goto error;
- }
- r = _add_ca_certs(self,
- PyBytes_AS_STRING(cadata_ascii),
- PyBytes_GET_SIZE(cadata_ascii),
- SSL_FILETYPE_PEM);
- Py_DECREF(cadata_ascii);
- if (r == -1) {
- goto error;
- }
+ }
+ else {
+ invalid_cadata:
+ PyErr_SetString(PyExc_TypeError,
+ "cadata should be an ASCII string or a "
+ "bytes-like object");
+ goto error;
}
}
More information about the Python-checkins
mailing list