Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

bpo-339827: Do not swallow exceptions in the _ssl module. (GH-12756)

This commit is contained in:
Serhiy Storchaka 2019-05-31 10:39:15 +03:00 committed by GitHub
parent 530f506ac9
commit 65fb2c08c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 52 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
Modules/_ssl.c
View File

@ -590,19 +590,18 @@ fill_and_set_sslerror(PySSLSocket *sslsock, PyObject *type, int ssl_errno,
key = Py_BuildValue("ii", lib, reason);
if (key == NULL)
goto fail;
reason_obj = PyDict_GetItem(err_codes_to_names, key);
reason_obj = PyDict_GetItemWithError(err_codes_to_names, key);
Py_DECREF(key);
if (reason_obj == NULL) {
/* XXX if reason < 100, it might reflect a library number (!!) */
PyErr_Clear();
if (reason_obj == NULL && PyErr_Occurred()) {
goto fail;
}
key = PyLong_FromLong(lib);
if (key == NULL)
goto fail;
lib_obj = PyDict_GetItem(lib_codes_to_names, key);
lib_obj = PyDict_GetItemWithError(lib_codes_to_names, key);
Py_DECREF(key);
if (lib_obj == NULL) {
PyErr_Clear();
if (lib_obj == NULL && PyErr_Occurred()) {
goto fail;
}
if (errstr == NULL)
errstr = ERR_reason_error_string(errcode);
@ -3682,7 +3681,7 @@ _pwinfo_set(_PySSLPasswordInfo *pw_info, PyObject* password,
Py_ssize_t size;
if (PyUnicode_Check(password)) {
password_bytes = PyUnicode_AsEncodedString(password, NULL, NULL);
password_bytes = PyUnicode_AsUTF8String(password);
if (!password_bytes) {
goto error;
}
@ -3787,13 +3786,17 @@ _ssl__SSLContext_load_cert_chain_impl(PySSLContext *self, PyObject *certfile,
if (keyfile == Py_None)
keyfile = NULL;
if (!PyUnicode_FSConverter(certfile, &certfile_bytes)) {
PyErr_SetString(PyExc_TypeError,
"certfile should be a valid filesystem path");
if (PyErr_ExceptionMatches(PyExc_TypeError)) {
PyErr_SetString(PyExc_TypeError,
"certfile should be a valid filesystem path");
}
return NULL;
}
if (keyfile && !PyUnicode_FSConverter(keyfile, &keyfile_bytes)) {
PyErr_SetString(PyExc_TypeError,
"keyfile should be a valid filesystem path");
if (PyErr_ExceptionMatches(PyExc_TypeError)) {
PyErr_SetString(PyExc_TypeError,
"keyfile should be a valid filesystem path");
}
goto error;
}
if (password && password != Py_None) {
@ -3985,22 +3988,44 @@ _ssl__SSLContext_load_verify_locations_impl(PySSLContext *self,
goto error;
}
if (cafile && !PyUnicode_FSConverter(cafile, &cafile_bytes)) {
PyErr_SetString(PyExc_TypeError,
"cafile should be a valid filesystem path");
if (PyErr_ExceptionMatches(PyExc_TypeError)) {
PyErr_SetString(PyExc_TypeError,
"cafile should be a valid filesystem path");
}
goto error;
}
if (capath && !PyUnicode_FSConverter(capath, &capath_bytes)) {
PyErr_SetString(PyExc_TypeError,
"capath should be a valid filesystem path");
if (PyErr_ExceptionMatches(PyExc_TypeError)) {
PyErr_SetString(PyExc_TypeError,
"capath should be a valid filesystem path");
}
goto error;
}
/* validata cadata type and load cadata */
if (cadata) {
Py_buffer buf;
PyObject *cadata_ascii = NULL;
if (PyObject_GetBuffer(cadata, &buf, PyBUF_SIMPLE) == 0) {
if (PyUnicode_Check(cadata)) {
PyObject *cadata_ascii = PyUnicode_AsASCIIString(cadata);
if (cadata_ascii == NULL) {
if (PyErr_ExceptionMatches(PyExc_UnicodeEncodeError)) {
goto invalid_cadata;
}
goto error;
}
r = _add_ca_certs(self,
PyBytes_AS_STRING(cadata_ascii),
PyBytes_GET_SIZE(cadata_ascii),
SSL_FILETYPE_PEM);
Py_DECREF(cadata_ascii);
if (r == -1) {
goto error;
}
}
else if (PyObject_CheckBuffer(cadata)) {
Py_buffer buf;
if (PyObject_GetBuffer(cadata, &buf, PyBUF_SIMPLE)) {
goto error;
}
if (!PyBuffer_IsContiguous(&buf, 'C') || buf.ndim > 1) {
PyBuffer_Release(&buf);
PyErr_SetString(PyExc_TypeError,
@ -4013,23 +4038,13 @@ _ssl__SSLContext_load_verify_locations_impl(PySSLContext *self,
if (r == -1) {
goto error;
}
} else {
PyErr_Clear();
cadata_ascii = PyUnicode_AsASCIIString(cadata);
if (cadata_ascii == NULL) {
PyErr_SetString(PyExc_TypeError,
"cadata should be an ASCII string or a "
"bytes-like object");
goto error;
}
r = _add_ca_certs(self,
PyBytes_AS_STRING(cadata_ascii),
PyBytes_GET_SIZE(cadata_ascii),
SSL_FILETYPE_PEM);
Py_DECREF(cadata_ascii);
if (r == -1) {
goto error;
}
}
else {
invalid_cadata:
PyErr_SetString(PyExc_TypeError,
"cadata should be an ASCII string or a "
"bytes-like object");
goto error;
}
}