Fix a reference leak in _bufferedreader_read_all():
_io.BufferedIOMixin.read() leaks a reference on 'data'
when it reads the whole file content but flush() fails.
Fix a reference leak in json if parsing a floating point number fails.
If PyOS_string_to_double() fails in _match_number_str():
decrement numstr ref counter.
Fix two unlikely reference leaks in _hashopenssl. The leaks only occur in
out-of-memory cases. Thanks to Charalampos Stratakis.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue36179.
(cherry picked from commit b7bc283ab6)
Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue36179
The standard math library (libm) may follow IEEE-754 recommendation to
include an implementation of sinPi(), i.e. sinPi(x):=sin(pi*x).
And this triggers a name clash, found by FreeBSD developer
Steve Kargl, who worked on putting sinpi into libm used on FreeBSD
(it has to be named "sinpi", not "sinPi", cf. e.g.
https://en.cppreference.com/w/c/experimental/fpext4).
Backport of TLS 1.3 related fixes from 3.7.
Misc fixes and workarounds for compatibility with OpenSSL 1.1.1 from git
master and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2.
OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 2a4ee8aa01)
The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE,
OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except
for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3)
are set by default. The initial cipher suite list contains only
HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
(cherry picked from commit 358cfd426c)
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue35746
(cherry picked from commit a37f52436f)
Co-authored-by: Christian Heimes <christian@python.org>
"dll" would leak if an error occurred in _validate_paramflags() or
GenericPyCData_new().
(cherry picked from commit d77d97c9a1)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
In _localemodule.c and selectmodule.c, remove dead code that would
cause double decrefs if run.
In addition, replace PyList_SetItem() with PyList_SET_ITEM() in cases
where a new list is populated and there is no possibility of an error.
In addition, check if the list changed size in the loop in array_array_fromlist().
(cherry picked from commit 99d56b5356)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
Include <pyconfig.h> ealier in Modules/expat/xmltok.c to define
properly _POSIX_C_SOURCE. Python defines _POSIX_C_SOURCE as 200809L,
whereas <features.h> (included indirectly by <string.h>) defines
_POSIX_C_SOURCE as 199506L.
(cherry picked from commit cf247359d5)
Co-authored-by: Victor Stinner <vstinner@redhat.com>
They can be exposed when some C API calls fail due to lack of
memory.
* Failed Py_BuildValue() could cause an assertion error in the
following TextIOWrapper.tell().
* initvalue could leak in StringIO.__getstate__() after failed
PyDict_Copy().
(cherry picked from commit fdb5a50ef3)
Fixes assertion failures in _datetimemodule.c
introduced in the previous fix (see bpo-31752).
Rather of trying to handle an int subclass as exact int,
let it to use overridden special methods, but check the
result of divmod().
(cherry picked from commit 3ec0f49516)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
This typo doesn't affect the result because wrong bits are discarded
on implicit conversion to unsigned char, but it trips UBSan
with -fsanitize=implicit-integer-truncation.
(cherry picked from commit 7a69cf47a9)
Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
_io.IncrementalNewlineDecoder's initializer possibly assigns out-of-range
value to the bitwise struct field.
(cherry picked from commit b08746bfdf)
Co-authored-by: Xiang Zhang <angwerzx@126.com>
Don't leak a reference if PyDict_Update() fails, check the
PyList_New() call in treebuilder_new(), and properly handle failures
in xmlparser().
(cherry picked from commit 9f3ed3e213)
The C accelerated _elementtree module now initializes hash randomization
salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue34623.
(cherry picked from commit cb5778f00c)
Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue34623
Include ``openssl/dh.h`` header file to fix implicit function declaration of ``DH_free()``.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>.
(cherry picked from commit b3a271fc0c)
Co-authored-by: Alexandru Ardelean <ardeleanalex@gmail.com>
https://bugs.python.org/issue34710
Benjamin Peterson
Eric Wieser
Zackery Spytz
Miss Islington (bot)
Stéphane Wirtel
stratakis
T. Wouters
Christian Heimes
Dima Pasechnik
Serhiy Storchaka
Victor Stinner
Alexey Izbyshev
Vladimir Matveev