author | Serhiy Storchaka <storchaka@gmail.com> | 2019-05-31 07:39:15 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-05-31 07:39:15 (GMT) |
commit | 65fb2c08c0d66fcf96fb1eb06270feadec830866 (patch) | |
tree | 7ec8e6911121a3f2682e4a4a566985eca7468fbf /Modules/_ssl.c | |
parent | 530f506ac91338b55cf2be71b1cdf50cb077512f (diff) | |
bpo-339827: Do not swallow exceptions in the _ssl module. (GH-12756)
Diffstat (limited to 'Modules/_ssl.c')
-rw-r--r-- | Modules/_ssl.c | 89 |
1 files changed, 52 insertions, 37 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 7550972..4fb7dca 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -590,19 +590,18 @@ fill_and_set_sslerror(PySSLSocket *sslsock, PyObject *type, int ssl_errno,
 key = Py_BuildValue("ii", lib, reason);
 if (key == NULL)
 goto fail;
- reason_obj = PyDict_GetItem(err_codes_to_names, key);
+ reason_obj = PyDict_GetItemWithError(err_codes_to_names, key);
 Py_DECREF(key);
- if (reason_obj == NULL) {
- /* XXX if reason < 100, it might reflect a library number (!!) */
- PyErr_Clear();
+ if (reason_obj == NULL && PyErr_Occurred()) {
+ goto fail;
 }
 key = PyLong_FromLong(lib);
 if (key == NULL)
 goto fail;
- lib_obj = PyDict_GetItem(lib_codes_to_names, key);
+ lib_obj = PyDict_GetItemWithError(lib_codes_to_names, key);
 Py_DECREF(key);
- if (lib_obj == NULL) {
- PyErr_Clear();
+ if (lib_obj == NULL && PyErr_Occurred()) {
+ goto fail;
 }
 if (errstr == NULL)
 errstr = ERR_reason_error_string(errcode);
@@ -3682,7 +3681,7 @@ _pwinfo_set(_PySSLPasswordInfo *pw_info, PyObject* password,
 Py_ssize_t size;
 if (PyUnicode_Check(password)) {
- password_bytes = PyUnicode_AsEncodedString(password, NULL, NULL);
+ password_bytes = PyUnicode_AsUTF8String(password);
 if (!password_bytes) {
 goto error;
 }
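Review bot: In fill_and_set_sslerror the `/* XXX if reason < 100, it might reflect a library number (!!) */` caveat is deleted together with `PyErr_Clear()`, although the case it described still exists: a lookup miss without an exception leaves `reason_obj` NULL and falls through. I would keep that hint on the new check, e.g. `/* NULL without an exception: no name registered; reason < 100 may be a library number */`, and add a matching `/* NULL without an exception: unknown library code */` on the `lib_obj` check. The function body continues outside the hunk, so how the NULL values are consumed is not visible here.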
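Review bot: Nothing at the `PyUnicode_AsUTF8String(password)` call in _pwinfo_set records that a str passphrase is always converted to UTF-8 bytes, which matters when a key was encrypted with a passphrase in a different encoding. A one-line comment would state the contract: `/* str passwords are always encoded as UTF-8 */`. The non-str branch and the `error` label lie outside the hunk, so presumably bytes-like passwords are passed through unchanged, but that should be confirmed before documenting it.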
@@ -3787,13 +3786,17 @@ _ssl__SSLContext_load_cert_chain_impl(PySSLContext *self, PyObject *certfile,
 if (keyfile == Py_None)
 keyfile = NULL;
 if (!PyUnicode_FSConverter(certfile, &certfile_bytes)) {
- PyErr_SetString(PyExc_TypeError,
- "certfile should be a valid filesystem path");
+ if (PyErr_ExceptionMatches(PyExc_TypeError)) {
+ PyErr_SetString(PyExc_TypeError,
+ "certfile should be a valid filesystem path");
+ }
 return NULL;
 }
 if (keyfile && !PyUnicode_FSConverter(keyfile, &keyfile_bytes)) {
- PyErr_SetString(PyExc_TypeError,
- "keyfile should be a valid filesystem path");
+ if (PyErr_ExceptionMatches(PyExc_TypeError)) {
+ PyErr_SetString(PyExc_TypeError,
+ "keyfile should be a valid filesystem path");
+ }
 goto error;
 }
 if (password && password != Py_None) {
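Review bot: The `if (PyErr_ExceptionMatches(PyExc_TypeError)) { PyErr_SetString(...); }` guard is written out twice in this hunk, for certfile and keyfile, and twice more in the load_verify_locations hunk, for cafile and capath, differing only in the message. A small static helper would keep the four sites identical and state the intent once: only the converter's TypeError is reworded, and any other exception it raised propagates unchanged. Both functions begin and end outside the hunks shown, and the helper name below is only a suggestion.

```c
/* Reword a TypeError raised by PyUnicode_FSConverter so that it names the
   argument; any other pending exception is left exactly as raised. */
static void
fsconverter_type_error(const char *msg)
{
    if (PyErr_ExceptionMatches(PyExc_TypeError)) {
        PyErr_SetString(PyExc_TypeError, msg);
    }
}

/* ... unchanged: keyfile == Py_None handling ... */
    if (!PyUnicode_FSConverter(certfile, &certfile_bytes)) {
        fsconverter_type_error("certfile should be a valid filesystem path");
        return NULL;
    }
    if (keyfile && !PyUnicode_FSConverter(keyfile, &keyfile_bytes)) {
        fsconverter_type_error("keyfile should be a valid filesystem path");
        goto error;
    }
/* ... unchanged: password handling ... */
```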
@@ -3985,22 +3988,44 @@ _ssl__SSLContext_load_verify_locations_impl(PySSLContext *self,
 goto error;
 }
 if (cafile && !PyUnicode_FSConverter(cafile, &cafile_bytes)) {
- PyErr_SetString(PyExc_TypeError,
- "cafile should be a valid filesystem path");
+ if (PyErr_ExceptionMatches(PyExc_TypeError)) {
+ PyErr_SetString(PyExc_TypeError,
+ "cafile should be a valid filesystem path");
+ }
 goto error;
 }
 if (capath && !PyUnicode_FSConverter(capath, &capath_bytes)) {
- PyErr_SetString(PyExc_TypeError,
- "capath should be a valid filesystem path");
+ if (PyErr_ExceptionMatches(PyExc_TypeError)) {
+ PyErr_SetString(PyExc_TypeError,
+ "capath should be a valid filesystem path");
+ }
 goto error;
 }
 /* validata cadata type and load cadata */
 if (cadata) {
- Py_buffer buf;
- PyObject *cadata_ascii = NULL;
-
- if (PyObject_GetBuffer(cadata, &buf, PyBUF_SIMPLE) == 0) {
+ if (PyUnicode_Check(cadata)) {
+ PyObject *cadata_ascii = PyUnicode_AsASCIIString(cadata);
+ if (cadata_ascii == NULL) {
+ if (PyErr_ExceptionMatches(PyExc_UnicodeEncodeError)) {
+ goto invalid_cadata;
+ }
+ goto error;
+ }
+ r = _add_ca_certs(self,
+ PyBytes_AS_STRING(cadata_ascii),
+ PyBytes_GET_SIZE(cadata_ascii),
+ SSL_FILETYPE_PEM);
+ Py_DECREF(cadata_ascii);
+ if (r == -1) {
+ goto error;
+ }
+ }
+ else if (PyObject_CheckBuffer(cadata)) {
+ Py_buffer buf;
+ if (PyObject_GetBuffer(cadata, &buf, PyBUF_SIMPLE)) {
+ goto error;
+ }
 if (!PyBuffer_IsContiguous(&buf, 'C') || buf.ndim > 1) {
 PyBuffer_Release(&buf);
 PyErr_SetString(PyExc_TypeError,
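Review bot: `goto invalid_cadata` in the new str branch jumps into the body of the final `else` block, whose label only appears in the following hunk, so a reader of the str branch cannot see where a non-ASCII string ends up. The jump is legal C, but it deserves a comment at the goto, e.g. `/* non-ASCII str: report the same TypeError as an unsupported type */`, and a matching one at the label saying it is also entered from the str branch. The pending UnicodeEncodeError is then replaced by the TypeError set at the label, which looks intended but is worth stating in that comment. The function body begins and ends outside this hunk.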
@@ -4013,23 +4038,13 @@ _ssl__SSLContext_load_verify_locations_impl(PySSLContext *self,
 if (r == -1) {
 goto error;
 }
- } else {
- PyErr_Clear();
- cadata_ascii = PyUnicode_AsASCIIString(cadata);
- if (cadata_ascii == NULL) {
- PyErr_SetString(PyExc_TypeError,
- "cadata should be an ASCII string or a "
- "bytes-like object");
- goto error;
- }
- r = _add_ca_certs(self,
- PyBytes_AS_STRING(cadata_ascii),
- PyBytes_GET_SIZE(cadata_ascii),
- SSL_FILETYPE_PEM);
- Py_DECREF(cadata_ascii);
- if (r == -1) {
- goto error;
- }
+ }
+ else {
+ invalid_cadata:
+ PyErr_SetString(PyExc_TypeError,
+ "cadata should be an ASCII string or a "
+ "bytes-like object");
+ goto error;
 }
 } |