gh-105375: Harden _ssl initialisation (#105599)

Add proper error handling to prevent reference leaks and overwritten exceptions.
2023-06-11 11:56:32 +02:00 · 2023-06-11 11:56:32 +02:00 · 01f4230460
parent cc879481e2
commit 01f4230460
2 changed files with 13 additions and 5 deletions
--- a/Misc/NEWS.d/next/Library/2023-06-09-22-16-46.gh-issue-105375.EgVJOP.rst
+++ b/Misc/NEWS.d/next/Library/2023-06-09-22-16-46.gh-issue-105375.EgVJOP.rst
@ -0,0 +1,2 @@
+Fix bugs in :mod:`!_ssl` initialisation which could lead to leaked
+references and overwritten exceptions.
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@ -6001,15 +6001,21 @@ sslmodule_init_errorcodes(PyObject *module)

    errcode = error_codes;
    while (errcode->mnemonic != NULL) {
-        PyObject *mnemo, *key;
-        mnemo = PyUnicode_FromString(errcode->mnemonic);
-        key = Py_BuildValue("ii", errcode->library, errcode->reason);
-        if (mnemo == NULL || key == NULL)
+        PyObject *mnemo = PyUnicode_FromString(errcode->mnemonic);
+        if (mnemo == NULL) {
            return -1;
-        if (PyDict_SetItem(state->err_codes_to_names, key, mnemo))
+        }
+        PyObject *key = Py_BuildValue("ii", errcode->library, errcode->reason);
+        if (key == NULL) {
+            Py_DECREF(mnemo);
            return -1;
+        }
+        int rc = PyDict_SetItem(state->err_codes_to_names, key, mnemo);
        Py_DECREF(key);
        Py_DECREF(mnemo);
+        if (rc < 0) {
+            return -1;
+        }
        errcode++;
    }