[Python-checkins] [3.12] gh-105375: Harden _ssl initialisation (GH-105599) (#105642)
erlend-aasland
webhook-mailer at python.org
Sun Jun 11 06:26:59 EDT 2023
https://github.com/python/cpython/commit/85a1a0983f7e7b6a5f35cf253d1edf5aee35795d
commit: 85a1a0983f7e7b6a5f35cf253d1edf5aee35795d
branch: 3.12
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: erlend-aasland <erlend.aasland at protonmail.com>
date: 2023-06-11T10:26:52Z
summary:
[3.12] gh-105375: Harden _ssl initialisation (GH-105599) (#105642)
Add proper error handling to prevent reference leaks and overwritten
exceptions.
(cherry picked from commit 01f4230460454d4a849a5ba93320142c1a0c93a8)
Co-authored-by: Erlend E. Aasland <erlend.aasland at protonmail.com>
files:
A Misc/NEWS.d/next/Library/2023-06-09-22-16-46.gh-issue-105375.EgVJOP.rst
M Modules/_ssl.c
diff --git a/Misc/NEWS.d/next/Library/2023-06-09-22-16-46.gh-issue-105375.EgVJOP.rst b/Misc/NEWS.d/next/Library/2023-06-09-22-16-46.gh-issue-105375.EgVJOP.rst
new file mode 100644
index 000000000000..49f7df68e927
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2023-06-09-22-16-46.gh-issue-105375.EgVJOP.rst
@@ -0,0 +1,2 @@
+Fix bugs in :mod:`!_ssl` initialisation which could lead to leaked
+references and overwritten exceptions.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index de90a4a168d2..7a13821f9d7b 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -6001,15 +6001,21 @@ sslmodule_init_errorcodes(PyObject *module)
errcode = error_codes;
while (errcode->mnemonic != NULL) {
- PyObject *mnemo, *key;
- mnemo = PyUnicode_FromString(errcode->mnemonic);
- key = Py_BuildValue("ii", errcode->library, errcode->reason);
- if (mnemo == NULL || key == NULL)
+ PyObject *mnemo = PyUnicode_FromString(errcode->mnemonic);
+ if (mnemo == NULL) {
return -1;
- if (PyDict_SetItem(state->err_codes_to_names, key, mnemo))
+ }
+ PyObject *key = Py_BuildValue("ii", errcode->library, errcode->reason);
+ if (key == NULL) {
+ Py_DECREF(mnemo);
return -1;
+ }
+ int rc = PyDict_SetItem(state->err_codes_to_names, key, mnemo);
Py_DECREF(key);
Py_DECREF(mnemo);
+ if (rc < 0) {
+ return -1;
+ }
errcode++;
}
More information about the Python-checkins
mailing list