diff options
author | Nathaniel J. Smith <njs@pobox.com> | 2017-06-08 06:30:43 (GMT) |
---|---|---|
committer | Serhiy Storchaka <storchaka@gmail.com> | 2017-06-08 06:30:43 (GMT) |
commit | 65ece7ca2366308fa91a39a8dfa255e6bdce3cca (patch) | |
tree | b3035bf1d4c922cc27d30340512b7b5942de768d | |
parent | 0ecdc525146ecec9d1549ebf59404c769637a512 (diff) | |
download | cpython-65ece7ca2366308fa91a39a8dfa255e6bdce3cca.zip cpython-65ece7ca2366308fa91a39a8dfa255e6bdce3cca.tar.gz cpython-65ece7ca2366308fa91a39a8dfa255e6bdce3cca.tar.bz2 |
bpo-30594: Fixed refcounting in newPySSLSocket (#1992)
If pass a server_hostname= that fails IDNA decoding to SSLContext.wrap_socket or SSLContext.wrap_bio, then the SSLContext object had a spurious Py_DECREF called on it, eventually leading to segfaults.
-rw-r--r-- | Modules/_ssl.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 147703c..d318b25 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -596,6 +596,7 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock, self->ssl = NULL; self->Socket = NULL; self->ctx = sslctx; + Py_INCREF(sslctx); self->shutdown_seen_zero = 0; self->owner = NULL; self->server_hostname = NULL; @@ -609,8 +610,6 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock, self->server_hostname = hostname; } - Py_INCREF(sslctx); - /* Make sure the SSL error state is initialized */ (void) ERR_get_state(); ERR_clear_error(); |