diff options
| author | Christian Heimes <christian@python.org> | 2021-04-09 13:23:38 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-04-09 13:23:38 (GMT) |
| commit | d3b73f32ef7c693a6ae8c54eb0e62df3b5315caf (patch) | |
| tree | c2894776911d3bc7feec987f7d5167174c649e54 | |
| parent | bd88ccb943c0ea672c14a87e76157fade4feae11 (diff) | |
| download | cpython-d3b73f32ef7c693a6ae8c54eb0e62df3b5315caf.zip cpython-d3b73f32ef7c693a6ae8c54eb0e62df3b5315caf.tar.gz cpython-d3b73f32ef7c693a6ae8c54eb0e62df3b5315caf.tar.bz2 | |
bpo-43789: OpenSSL 3.0.0 Don't call passwd callback again in error case (GH-25303)
| -rw-r--r-- | Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst | 2 | ||||
| -rw-r--r-- | Modules/_ssl.c | 7 |
2 files changed, 9 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst b/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst new file mode 100644 index 0000000..1c08529 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst @@ -0,0 +1,2 @@ +OpenSSL 3.0.0: Don't call the password callback function a second time when +first call has signaled an error condition. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index f3c3b20..94b06dd 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -3926,6 +3926,13 @@ _password_callback(char *buf, int size, int rwflag, void *userdata) PySSL_END_ALLOW_THREADS_S(pw_info->thread_state); + if (pw_info->error) { + /* already failed previously. OpenSSL 3.0.0-alpha14 invokes the + * callback multiple times which can lead to fatal Python error in + * exception check. */ + goto error; + } + if (pw_info->callable) { fn_ret = _PyObject_CallNoArg(pw_info->callable); if (!fn_ret) { |