summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenjamin Peterson <benjamin@python.org>2015-11-12 06:14:08 (GMT)
committerBenjamin Peterson <benjamin@python.org>2015-11-12 06:14:08 (GMT)
commit86429bd1749e475145198b2d1498ef43b2597ab2 (patch)
treeff638d4c37dcbc897961f014f058b3390212b415
parenta99ab63d06f422efad1c6b4669b955172ef1f62a (diff)
parenteda06c8f5e7d7ed5ff79c2c5296253f8f14b7f28 (diff)
downloadcpython-86429bd1749e475145198b2d1498ef43b2597ab2.zip
cpython-86429bd1749e475145198b2d1498ef43b2597ab2.tar.gz
cpython-86429bd1749e475145198b2d1498ef43b2597ab2.tar.bz2
merge 3.5 (#25569)
-rw-r--r--Misc/NEWS2
-rw-r--r--Modules/_ssl.c52
2 files changed, 26 insertions, 28 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 07cf60f..85dd158 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -229,6 +229,8 @@ Library
- Issue #24881: Fixed setting binary mode in Python implementation of FileIO
on Windows and Cygwin. Patch from Akira Li.
+- Issue #25569: Fix memory leak in SSLSocket.getpeercert().
+
- Issue #25471: Sockets returned from accept() shouldn't appear to be
nonblocking.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 4f4379f..a918586 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1067,25 +1067,23 @@ _get_aia_uri(X509 *certificate, int nid) {
static PyObject *
_get_crl_dp(X509 *certificate) {
STACK_OF(DIST_POINT) *dps;
- int i, j, result;
- PyObject *lst;
+ int i, j;
+ PyObject *lst, *res = NULL;
#if OPENSSL_VERSION_NUMBER < 0x10001000L
- dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points,
- NULL, NULL);
+ dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
#else
/* Calls x509v3_cache_extensions and sets up crldp */
X509_check_ca(certificate);
dps = certificate->crldp;
#endif
- if (dps == NULL) {
+ if (dps == NULL)
return Py_None;
- }
- if ((lst = PyList_New(0)) == NULL) {
- return NULL;
- }
+ lst = PyList_New(0);
+ if (lst == NULL)
+ goto done;
for (i=0; i < sk_DIST_POINT_num(dps); i++) {
DIST_POINT *dp;
@@ -1098,6 +1096,7 @@ _get_crl_dp(X509 *certificate) {
GENERAL_NAME *gn;
ASN1_IA5STRING *uri;
PyObject *ouri;
+ int err;
gn = sk_GENERAL_NAME_value(gns, j);
if (gn->type != GEN_URI) {
@@ -1106,28 +1105,25 @@ _get_crl_dp(X509 *certificate) {
uri = gn->d.uniformResourceIdentifier;
ouri = PyUnicode_FromStringAndSize((char *)uri->data,
uri->length);
- if (ouri == NULL) {
- Py_DECREF(lst);
- return NULL;
- }
- result = PyList_Append(lst, ouri);
+ if (ouri == NULL)
+ goto done;
+
+ err = PyList_Append(lst, ouri);
Py_DECREF(ouri);
- if (result < 0) {
- Py_DECREF(lst);
- return NULL;
- }
+ if (err < 0)
+ goto done;
}
}
- /* convert to tuple or None */
- if (PyList_Size(lst) == 0) {
- Py_DECREF(lst);
- return Py_None;
- } else {
- PyObject *tup;
- tup = PyList_AsTuple(lst);
- Py_DECREF(lst);
- return tup;
- }
+
+ /* Convert to tuple. */
+ res = (PyList_GET_SIZE(lst) > 0) ? PyList_AsTuple(lst) : Py_None;
+
+ done:
+ Py_XDECREF(lst);
+#if OPENSSL_VERSION_NUMBER < 0x10001000L
+ sk_DIST_POINT_free(dsp);
+#endif
+ return res;
}
static PyObject *