https://github.com/python/cpython/commit/8cb7d7ff86a1a2d41195f01ba4f218941dd7308c
commit: 8cb7d7ff86a1a2d41195f01ba4f218941dd7308c
branch: main
author: Gregory P. Smith <[email protected]>
committer: Yhg1s <[email protected]>
date: 2024-03-28T11:11:58+01:00
summary:

gh-117310: Remove extra DECREF on "no ciphers" error path in `_ssl._SSLContext` constructor (#117309)

Remove extra self DECREF on ssl "no ciphers" error path.

This doesn't come up in practice because nobody links against a broken
OpenSSL library that provides nothing.

files:
A Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst
M Modules/_ssl.c

diff --git 
a/Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst 
b/Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst
new file mode 100644
index 00000000000000..429b890b8b609a
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst
@@ -0,0 +1,4 @@
+Fixed an unlikely early & extra ``Py_DECREF`` triggered crash in :mod:`ssl`
+when creating a new ``_ssl._SSLContext`` if CPython was built implausibly such
+that the default cipher list is empty **or** the SSL library it was linked
+against reports a failure from its C ``SSL_CTX_set_cipher_list()`` API.
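Review bot: The opening of this NEWS entry, "an unlikely early & extra ``Py_DECREF`` triggered crash", stacks four modifiers in front of "crash" and is hard to parse. Something like "Fixed an unlikely crash in :mod:`ssl` caused by an extra, early ``Py_DECREF``" reads more directly, and "built implausibly" could be dropped since the sentence already calls the crash unlikely.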
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index f5a79dcb1ac57d..fbf914c4321922 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3166,7 +3166,6 @@ _ssl__SSLContext_impl(PyTypeObject *type, int 
proto_version)
         result = SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!eNULL");
     }
     if (result == 0) {
-        Py_DECREF(self);
         ERR_clear_error();
         PyErr_SetString(get_state_ctx(self)->PySSLErrorObject,
                         "No cipher can be selected.");

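Review bot: In the `result == 0` branch, `self` is still read by `get_state_ctx(self)` inside the `PyErr_SetString` call, and the lines after that call are outside this hunk, so it is worth confirming that the one remaining release of `self` on this path happens after the error is set. The removed `Py_DECREF(self);` sat before that read, so a short comment here stating that `self` must stay alive until the exception has been raised would keep the early release from being reintroduced. The file list shows no test for this path; if one is impractical because it needs an SSL library whose `SSL_CTX_set_cipher_list()` fails, saying so in the PR is enough.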