[Python-checkins] gh-127257: ssl: Raise OSError for ERR_LIB_SYS (GH-127361)

Tue, 10 Dec 2024 02:56:46 -0800 

https://github.com/python/cpython/commit/f4b31edf2d9d72878dab1f66a36913b5bcc848ec
commit: f4b31edf2d9d72878dab1f66a36913b5bcc848ec
branch: main
author: Petr Viktorin <[email protected]>
committer: encukou <[email protected]>
date: 2024-12-10T11:56:24+01:00
summary:

gh-127257: ssl: Raise OSError for ERR_LIB_SYS (GH-127361)

>From the ERR_raise manpage:

    ERR_LIB_SYS

        This "library code" indicates that a system error is
        being reported.  In this case, the reason code given
        to `ERR_raise()` and `ERR_raise_data()` *must* be
        `errno(3)`.


This PR only handles ERR_LIB_SYS for the high-lever error types
SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where
OpenSSL indicates it has some more information about the issue.

files:
A Misc/NEWS.d/next/Library/2024-11-28-14-14-46.gh-issue-127257.n6-jU9.rst
M Modules/_ssl.c

diff --git 
a/Misc/NEWS.d/next/Library/2024-11-28-14-14-46.gh-issue-127257.n6-jU9.rst 
b/Misc/NEWS.d/next/Library/2024-11-28-14-14-46.gh-issue-127257.n6-jU9.rst
new file mode 100644
index 00000000000000..fb0380cba0b607
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-11-28-14-14-46.gh-issue-127257.n6-jU9.rst
@@ -0,0 +1,2 @@
+In :mod:`ssl`, system call failures that OpenSSL reports using
+``ERR_LIB_SYS`` are now raised as :exc:`OSError`.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 59c414f9ce1ceb..e7df132869fee6 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -667,6 +667,11 @@ PySSL_SetError(PySSLSocket *sslsock, const char *filename, 
int lineno)
                         ERR_GET_REASON(e) == SSL_R_CERTIFICATE_VERIFY_FAILED) {
                     type = state->PySSLCertVerificationErrorObject;
                 }
+                if (ERR_GET_LIB(e) == ERR_LIB_SYS) {
+                    // A system error is being reported; reason is set to errno
+                    errno = ERR_GET_REASON(e);
+                    return PyErr_SetFromErrno(PyExc_OSError);
+                }
                 p = PY_SSL_ERROR_SYSCALL;
             }
             break;
@@ -692,6 +697,11 @@ PySSL_SetError(PySSLSocket *sslsock, const char *filename, 
int lineno)
                 errstr = "EOF occurred in violation of protocol";
             }
 #endif
+            if (ERR_GET_LIB(e) == ERR_LIB_SYS) {
+                // A system error is being reported; reason is set to errno
+                errno = ERR_GET_REASON(e);
+                return PyErr_SetFromErrno(PyExc_OSError);
+            }
             break;
         }
         default:

_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-checkins.python.org/
Member address: [email protected]

Reply via email to