From 3ed1c1d26ce9fa18e9ef8c2be82e76dc7d00075e Mon Sep 17 00:00:00 2001
From: "Gregory P. Smith [Google LLC]"
Date: Wed, 27 Mar 2024 20:48:26 -0700
Subject: [PATCH 1/3] Remove extra self DECREF on ssl "no ciphers" error path. This doesn't come up in practice because nobody links against a broken OpenSSL library that provides nothing.
---
 Modules/_ssl.c | 1 -
 1 file changed, 1 deletion(-)
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index f5a79dcb1ac57d..fbf914c4321922 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3166,7 +3166,6 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
 result = SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!eNULL");
 }
 if (result == 0) {
- Py_DECREF(self);
 ERR_clear_error();
 PyErr_SetString(get_state_ctx(self)->PySSLErrorObject,
 "No cipher can be selected.");
From 081f30fa69a5d0397416c36346ee6549b154f2f2 Mon Sep 17 00:00:00 2001
From: "Gregory P. Smith [Google LLC]"
Date: Wed, 27 Mar 2024 21:05:56 -0700
Subject: [PATCH 2/3] NEWS entry.
---
 .../Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst
diff --git a/Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst b/Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst
new file mode 100644
index 00000000000000..9a26f1156dbcfc
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst
@@ -0,0 +1,3 @@
+Fixed an implausible extra DECREF related crash in :mod:`ssl` when creating
+a new ``_ssl._SSLContext`` if the build was linked against a non-functional
+SSL library whos C ``SSL_CTX_set_cipher_list()`` API reports failure.
From 83d36ddd79047ce449ecee36fd44b1c2fd7eff8e Mon Sep 17 00:00:00 2001
From: "Gregory P. Smith [Google LLC]"
Date: Wed, 27 Mar 2024 21:45:33 -0700
Subject: [PATCH 3/3] reword news
---
 .../Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst b/Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst
index 9a26f1156dbcfc..429b890b8b609a 100644
--- a/Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst
+++ b/Misc/NEWS.d/next/Library/2024-03-27-21-05-52.gh-issue-117310.Bt2wox.rst
@@ -1,3 +1,4 @@
-Fixed an implausible extra DECREF related crash in :mod:`ssl` when creating
-a new ``_ssl._SSLContext`` if the build was linked against a non-functional
-SSL library whos C ``SSL_CTX_set_cipher_list()`` API reports failure.
+Fixed an unlikely early & extra ``Py_DECREF`` triggered crash in :mod:`ssl`
+when creating a new ``_ssl._SSLContext`` if CPython was built implausibly such
+that the default cipher list is empty **or** the SSL library it was linked
+against reports a failure from its C ``SSL_CTX_set_cipher_list()`` API.