https://github.com/python/cpython/commit/65a0923c708210f393e2dbf5b231ca09c4b045c7 commit: 65a0923c708210f393e2dbf5b231ca09c4b045c7 branch: 3.11 author: Miss Islington (bot) <[email protected]> committer: gpshead <[email protected]> date: 2024-03-28T10:05:19-07:00 summary:
[3.11] gh-117310: Remove extra DECREF on "no ciphers" error path in `_ssl._SSLContext` constructor (GH-117309) (GH-117318) gh-117310: Remove extra DECREF on "no ciphers" error path in `_ssl._SSLContext` constructor (GH-117309) Remove extra self DECREF on ssl "no ciphers" error path. This doesn't come up in practice because nobody links against a broken OpenSSL library that provides nothing. (cherry picked from commit 8cb7d7ff86a1a2d41195f01ba4f218941dd7308c) Co-authored-by: Gregory P. Smith <[email protected]> files: A Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst M Modules/_ssl.c diff --git a/Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst b/Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst new file mode 100644 index 00000000000000..429b890b8b609a --- /dev/null +++ b/Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst @@ -0,0 +1,4 @@ +Fixed an unlikely early & extra ``Py_DECREF`` triggered crash in :mod:`ssl` +when creating a new ``_ssl._SSLContext`` if CPython was built implausibly such +that the default cipher list is empty **or** the SSL library it was linked +against reports a failure from its C ``SSL_CTX_set_cipher_list()`` API. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 2ee7db677b2094..120c739e196732 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -3165,7 +3165,6 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version) result = SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!eNULL"); } if (result == 0) { - Py_DECREF(self); ERR_clear_error(); PyErr_SetString(get_state_ctx(self)->PySSLErrorObject, "No cipher can be selected."); _______________________________________________ Python-checkins mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/python-checkins.python.org/ Member address: [email protected]
