diff options
| author | Nathaniel J. Smith <njs@pobox.com> | 2017-06-08 11:14:40 (GMT) |
|---|---|---|
| committer | Serhiy Storchaka <storchaka@gmail.com> | 2017-06-08 11:14:40 (GMT) |
| commit | 854f7ba1d5cbb6a42511beae66c8dbe34f2cbcd3 (patch) | |
| tree | dc426dfe23a50d700d6f5d403d64dd7c1ed547db /Modules/_ssl.c | |
| parent | 2c7f927369922562adecd5c25ad55b4bf733f716 (diff) | |
| download | cpython-854f7ba1d5cbb6a42511beae66c8dbe34f2cbcd3.zip cpython-854f7ba1d5cbb6a42511beae66c8dbe34f2cbcd3.tar.gz cpython-854f7ba1d5cbb6a42511beae66c8dbe34f2cbcd3.tar.bz2 | |
[3.6] bpo-30594: Fixed refcounting in newPySSLSocket (GH-1992) (#1994)
If pass a server_hostname= that fails IDNA decoding to SSLContext.wrap_socket or SSLContext.wrap_bio, then the SSLContext object had a spurious Py_DECREF called on it, eventually leading to segfaults.
(cherry picked from commit 65ece7ca2366308fa91a39a8dfa255e6bdce3cca)
Diffstat (limited to 'Modules/_ssl.c')
| -rw-r--r-- | Modules/_ssl.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 2a2c18f..dbfbd44 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -599,6 +599,7 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock, self->ssl = NULL; self->Socket = NULL; self->ctx = sslctx; + Py_INCREF(sslctx); self->shutdown_seen_zero = 0; self->handshake_done = 0; self->owner = NULL; @@ -613,8 +614,6 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock, self->server_hostname = hostname; } - Py_INCREF(sslctx); - /* Make sure the SSL error state is initialized */ (void) ERR_get_state(); ERR_clear_error(); |