Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 86429bd

Browse files
benjaminpbenjaminp
committed
merge 3.5 (#25569)
2 parents a99ab63 + eda06c8 commit 86429bd

2 files changed

Lines changed: 26 additions & 28 deletions

File tree

Misc/NEWS

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -229,6 +229,8 @@ Library
229229
- Issue #24881: Fixed setting binary mode in Python implementation of FileIO
230230
on Windows and Cygwin. Patch from Akira Li.
231231

232+
- Issue #25569: Fix memory leak in SSLSocket.getpeercert().
233+
232234
- Issue #25471: Sockets returned from accept() shouldn't appear to be
233235
nonblocking.
234236

Modules/_ssl.c

Lines changed: 24 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -1067,25 +1067,23 @@ _get_aia_uri(X509 *certificate, int nid) {
10671067
static PyObject *
10681068
_get_crl_dp(X509 *certificate) {
10691069
STACK_OF(DIST_POINT) *dps;
1070-
int i, j, result;
1071-
PyObject *lst;
1070+
int i, j;
1071+
PyObject *lst, *res = NULL;
10721072

10731073
#if OPENSSL_VERSION_NUMBER < 0x10001000L
1074-
dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points,
1075-
NULL, NULL);
1074+
dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
10761075
#else
10771076
/* Calls x509v3_cache_extensions and sets up crldp */
10781077
X509_check_ca(certificate);
10791078
dps = certificate->crldp;
10801079
#endif
10811080

1082-
if (dps == NULL) {
1081+
if (dps == NULL)
10831082
return Py_None;
1084-
}
10851083

1086-
if ((lst = PyList_New(0)) == NULL) {
1087-
return NULL;
1088-
}
1084+
lst = PyList_New(0);
1085+
if (lst == NULL)
1086+
goto done;
10891087

10901088
for (i=0; i < sk_DIST_POINT_num(dps); i++) {
10911089
DIST_POINT *dp;
@@ -1098,6 +1096,7 @@ _get_crl_dp(X509 *certificate) {
10981096
GENERAL_NAME *gn;
10991097
ASN1_IA5STRING *uri;
11001098
PyObject *ouri;
1099+
int err;
11011100

11021101
gn = sk_GENERAL_NAME_value(gns, j);
11031102
if (gn->type != GEN_URI) {
@@ -1106,28 +1105,25 @@ _get_crl_dp(X509 *certificate) {
11061105
uri = gn->d.uniformResourceIdentifier;
11071106
ouri = PyUnicode_FromStringAndSize((char *)uri->data,
11081107
uri->length);
1109-
if (ouri == NULL) {
1110-
Py_DECREF(lst);
1111-
return NULL;
1112-
}
1113-
result = PyList_Append(lst, ouri);
1108+
if (ouri == NULL)
1109+
goto done;
1110+
1111+
err = PyList_Append(lst, ouri);
11141112
Py_DECREF(ouri);
1115-
if (result < 0) {
1116-
Py_DECREF(lst);
1117-
return NULL;
1118-
}
1113+
if (err < 0)
1114+
goto done;
11191115
}
11201116
}
1121-
/* convert to tuple or None */
1122-
if (PyList_Size(lst) == 0) {
1123-
Py_DECREF(lst);
1124-
return Py_None;
1125-
} else {
1126-
PyObject *tup;
1127-
tup = PyList_AsTuple(lst);
1128-
Py_DECREF(lst);
1129-
return tup;
1130-
}
1117+
1118+
/* Convert to tuple. */
1119+
res = (PyList_GET_SIZE(lst) > 0) ? PyList_AsTuple(lst) : Py_None;
1120+
1121+
done:
1122+
Py_XDECREF(lst);
1123+
#if OPENSSL_VERSION_NUMBER < 0x10001000L
1124+
sk_DIST_POINT_free(dsp);
1125+
#endif
1126+
return res;
11311127
}
11321128

11331129
static PyObject *

0 commit comments

Comments
 (0)