From 01f4230460454d4a849a5ba93320142c1a0c93a8 Mon Sep 17 00:00:00 2001 From: "Erlend E. Aasland" Date: Sun, 11 Jun 2023 11:56:32 +0200 Subject: gh-105375: Harden _ssl initialisation (#105599) Add proper error handling to prevent reference leaks and overwritten exceptions. --- .../2023-06-09-22-16-46.gh-issue-105375.EgVJOP.rst | 2 ++ Modules/_ssl.c | 16 +++++++++++----- 2 files changed, 13 insertions(+), 5 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2023-06-09-22-16-46.gh-issue-105375.EgVJOP.rst diff --git a/Misc/NEWS.d/next/Library/2023-06-09-22-16-46.gh-issue-105375.EgVJOP.rst b/Misc/NEWS.d/next/Library/2023-06-09-22-16-46.gh-issue-105375.EgVJOP.rst new file mode 100644 index 0000000..49f7df6 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2023-06-09-22-16-46.gh-issue-105375.EgVJOP.rst @@ -0,0 +1,2 @@ +Fix bugs in :mod:`!_ssl` initialisation which could lead to leaked +references and overwritten exceptions. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index de90a4a..7a13821 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -6001,15 +6001,21 @@ sslmodule_init_errorcodes(PyObject *module) errcode = error_codes; while (errcode->mnemonic != NULL) { - PyObject *mnemo, *key; - mnemo = PyUnicode_FromString(errcode->mnemonic); - key = Py_BuildValue("ii", errcode->library, errcode->reason); - if (mnemo == NULL || key == NULL) + PyObject *mnemo = PyUnicode_FromString(errcode->mnemonic); + if (mnemo == NULL) { return -1; - if (PyDict_SetItem(state->err_codes_to_names, key, mnemo)) + } + PyObject *key = Py_BuildValue("ii", errcode->library, errcode->reason); + if (key == NULL) { + Py_DECREF(mnemo); return -1; + } + int rc = PyDict_SetItem(state->err_codes_to_names, key, mnemo); Py_DECREF(key); Py_DECREF(mnemo); + if (rc < 0) { + return -1; + } errcode++; } -- cgit v0.12