traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix memory leak in _get_crl_dp (closes #25569) 

Patch started by Stéphane Wirtel.
This commit is contained in:
Benjamin Peterson 2015-11-11 22:07:38 -08:00
parent 71a0b43854
commit eda06c8f5e
2 changed files with 26 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Misc/NEWS
View File

@ -107,6 +107,8 @@ Library
at the end if the FileInput was opened with binary mode. at the end if the FileInput was opened with binary mode.
Patch by Ryosuke Ito. Patch by Ryosuke Ito.
- Issue #25569: Fix memory leak in SSLSocket.getpeercert().
- Issue #21827: Fixed textwrap.dedent() for the case when largest common - Issue #21827: Fixed textwrap.dedent() for the case when largest common
whitespace is a substring of smallest leading whitespace. whitespace is a substring of smallest leading whitespace.
Based on patch by Robert Li. Based on patch by Robert Li.

52
Modules/_ssl.c
View File

@ -1027,25 +1027,23 @@ _get_aia_uri(X509 *certificate, int nid) {
static PyObject * static PyObject *
_get_crl_dp(X509 *certificate) { _get_crl_dp(X509 *certificate) {
STACK_OF(DIST_POINT) *dps; STACK_OF(DIST_POINT) *dps;
int i, j, result; int i, j;
PyObject *lst; PyObject *lst, *res = NULL;
#if OPENSSL_VERSION_NUMBER < 0x10001000L #if OPENSSL_VERSION_NUMBER < 0x10001000L
dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
NULL, NULL);
#else #else
/* Calls x509v3_cache_extensions and sets up crldp */ /* Calls x509v3_cache_extensions and sets up crldp */
X509_check_ca(certificate); X509_check_ca(certificate);
dps = certificate->crldp; dps = certificate->crldp;
#endif #endif
if (dps == NULL) { if (dps == NULL)
return Py_None; return Py_None;
}
if ((lst = PyList_New(0)) == NULL) { lst = PyList_New(0);
return NULL; if (lst == NULL)
} goto done;
for (i=0; i < sk_DIST_POINT_num(dps); i++) { for (i=0; i < sk_DIST_POINT_num(dps); i++) {
DIST_POINT *dp; DIST_POINT *dp;
@ -1058,6 +1056,7 @@ _get_crl_dp(X509 *certificate) {
GENERAL_NAME *gn; GENERAL_NAME *gn;
ASN1_IA5STRING *uri; ASN1_IA5STRING *uri;
PyObject *ouri; PyObject *ouri;
int err;
gn = sk_GENERAL_NAME_value(gns, j); gn = sk_GENERAL_NAME_value(gns, j);
if (gn->type != GEN_URI) { if (gn->type != GEN_URI) {
@ -1066,28 +1065,25 @@ _get_crl_dp(X509 *certificate) {
uri = gn->d.uniformResourceIdentifier; uri = gn->d.uniformResourceIdentifier;
ouri = PyUnicode_FromStringAndSize((char *)uri->data, ouri = PyUnicode_FromStringAndSize((char *)uri->data,
uri->length); uri->length);
if (ouri == NULL) { if (ouri == NULL)
Py_DECREF(lst); goto done;
return NULL;
} err = PyList_Append(lst, ouri);
result = PyList_Append(lst, ouri);
Py_DECREF(ouri); Py_DECREF(ouri);
if (result < 0) { if (err < 0)
Py_DECREF(lst); goto done;
return NULL;
}
} }
} }
/* convert to tuple or None */
if (PyList_Size(lst) == 0) { /* Convert to tuple. */
Py_DECREF(lst); res = (PyList_GET_SIZE(lst) > 0) ? PyList_AsTuple(lst) : Py_None;
return Py_None;
} else { done:
PyObject *tup; Py_XDECREF(lst);
tup = PyList_AsTuple(lst); #if OPENSSL_VERSION_NUMBER < 0x10001000L
Py_DECREF(lst); sk_DIST_POINT_free(dsp);
return tup; #endif
} return res;
} }
static PyObject * static PyObject *