Fix a crash when setting a servername callback on a SSL server socket and the client doesn't send a server name.

Patch by Kazuhiro Yoshida. (originally issue #8109)
2013-04-11 20:48:42 +02:00 · 2013-04-11 20:48:42 +02:00 · 50b24d0d7c
parent 85b2afb1b1
commit 50b24d0d7c
4 changed files with 30 additions and 13 deletions
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@ -842,6 +842,7 @@ to speed up repeated connections from the same clients.
   The callback function, *server_name_callback*, will be called with three
   arguments; the first being the :class:`ssl.SSLSocket`, the second is a string
   that represents the server name that the client is intending to communicate
+   (or :const:`None` if the TLS Client Hello does not contain a server name)
   and the third argument is the original :class:`SSLContext`. The server name
   argument is the IDNA decoded server name.

--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@ -2096,7 +2096,8 @@ else:

            def servername_cb(ssl_sock, server_name, initial_context):
                calls.append((server_name, initial_context))
-                ssl_sock.context = other_context
+                if server_name is not None:
+                    ssl_sock.context = other_context
            server_context.set_servername_callback(servername_cb)

            stats = server_params_test(client_context, server_context,
@ -2108,6 +2109,14 @@ else:
            # CERTFILE4 was selected
            self.check_common_name(stats, 'fakehostname')

+            calls = []
+            # The callback is called with server_name=None
+            stats = server_params_test(client_context, server_context,
+                                       chatty=True,
+                                       sni_name=None)
+            self.assertEqual(calls, [(None, server_context)])
+            self.check_common_name(stats, 'localhost')
+
            # Check disabling the callback
            calls = []
            server_context.set_servername_callback(None)
--- a/Misc/ACKS
+++ b/Misc/ACKS
@ -1361,6 +1361,7 @@ Bob Yodlowski
 Danny Yoo
 Rory Yorke
 George Yoshida
+Kazuhiro Yoshida
 Masazumi Yoshikawa
 Arnaud Ysmal
 Bernard Yue
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@ -2448,22 +2448,28 @@ _servername_callback(SSL *s, int *al, void *args)
        goto error;
    }
 
-    servername_o = PyBytes_FromString(servername);
-    if (servername_o == NULL) {
-        PyErr_WriteUnraisable((PyObject *) ssl_ctx);
-        goto error;
+    if (servername == NULL) {
+        result = PyObject_CallFunctionObjArgs(ssl_ctx->set_hostname, ssl_socket,
+                                              Py_None, ssl_ctx, NULL);
    }
-    servername_idna = PyUnicode_FromEncodedObject(servername_o, "idna", NULL);
-    if (servername_idna == NULL) {
-        PyErr_WriteUnraisable(servername_o);
+    else {
+        servername_o = PyBytes_FromString(servername);
+        if (servername_o == NULL) {
+            PyErr_WriteUnraisable((PyObject *) ssl_ctx);
+            goto error;
+        }
+        servername_idna = PyUnicode_FromEncodedObject(servername_o, "idna", NULL);
+        if (servername_idna == NULL) {
+            PyErr_WriteUnraisable(servername_o);
+            Py_DECREF(servername_o);
+            goto error;
+        }
        Py_DECREF(servername_o);
-        goto error;
+        result = PyObject_CallFunctionObjArgs(ssl_ctx->set_hostname, ssl_socket,
+                                              servername_idna, ssl_ctx, NULL);
+        Py_DECREF(servername_idna);
    }
-    Py_DECREF(servername_o);
-    result = PyObject_CallFunctionObjArgs(ssl_ctx->set_hostname, ssl_socket,
-                                          servername_idna, ssl_ctx, NULL);
    Py_DECREF(ssl_socket);
-    Py_DECREF(servername_idna);

    if (result == NULL) {
        PyErr_WriteUnraisable(ssl_ctx->set_hostname);