Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

gh-117310: Remove extra DECREF on "no ciphers" error path in `_ssl._SSLContext` constructor (#117309) 

Remove extra self DECREF on ssl "no ciphers" error path.

This doesn't come up in practice because nobody links against a broken
OpenSSL library that provides nothing.
This commit is contained in:
Gregory P. Smith 2024-03-28 03:11:58 -07:00 committed by GitHub
parent 6c8ac8a32f
commit 8cb7d7ff86
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst Normal file
View File

@ -0,0 +1,4 @@
Fixed an unlikely early & extra ``Py_DECREF`` triggered crash in :mod:`ssl`
when creating a new ``_ssl._SSLContext`` if CPython was built implausibly such
that the default cipher list is empty **or** the SSL library it was linked
against reports a failure from its C ``SSL_CTX_set_cipher_list()`` API.

1
Modules/_ssl.c
View File

@ -3166,7 +3166,6 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
result = SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!eNULL"); result = SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!eNULL");
} }
if (result == 0) { if (result == 0) {
Py_DECREF(self);
ERR_clear_error(); ERR_clear_error();
PyErr_SetString(get_state_ctx(self)->PySSLErrorObject, PyErr_SetString(get_state_ctx(self)->PySSLErrorObject,
"No cipher can be selected."); "No cipher can be selected.");