From a28398e9c60848fc291c83dac44e5212694fb0b2 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Fri, 9 Apr 2021 07:51:25 -0700 Subject: [3.8] bpo-43789: OpenSSL 3.0.0 Don't call passwd callback again in error case (GH-25303) (GH-25306) (cherry picked from commit d3b73f32ef7c693a6ae8c54eb0e62df3b5315caf) Co-authored-by: Christian Heimes --- Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst | 2 ++ Modules/_ssl.c | 7 +++++++ 2 files changed, 9 insertions(+) create mode 100644 Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst diff --git a/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst b/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst new file mode 100644 index 0000000..1c08529 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst @@ -0,0 +1,2 @@ +OpenSSL 3.0.0: Don't call the password callback function a second time when +first call has signaled an error condition. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index bc98375..58d9f86 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -3933,6 +3933,13 @@ _password_callback(char *buf, int size, int rwflag, void *userdata) PySSL_END_ALLOW_THREADS_S(pw_info->thread_state); + if (pw_info->error) { + /* already failed previously. OpenSSL 3.0.0-alpha14 invokes the + * callback multiple times which can lead to fatal Python error in + * exception check. */ + goto error; + } + if (pw_info->callable) { fn_ret = _PyObject_CallNoArg(pw_info->callable); if (!fn_ret) { -- cgit v0.12