changeset 83251:4ae6095b4638
Fix a crash when setting a servername callback on a SSL server socket and the client doesn't send a server name. Patch by Kazuhiro Yoshida. (originally issue #8109) [#8109]
Antoine Pitrou solipsis@pitrou.net | |
---|---|
date | Thu, 11 Apr 2013 20:48:42 +0200 |
parents | 6cc56e21a74d |
children | 1c794d713e70 |
files | Doc/library/ssl.rst Lib/test/test_ssl.py Misc/ACKS Modules/_ssl.c |
diffstat | 4 files changed, 30 insertions(+), 13 deletions(-)[+] [-] Doc/library/ssl.rst 1 Lib/test/test_ssl.py 11 Misc/ACKS 1 Modules/_ssl.c 30 |
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -842,6 +842,7 @@ to speed up repeated connections from th
The callback function, server_name_callback, will be called with three
arguments; the first being the :class:ssl.SSLSocket
, the second is a string
that represents the server name that the client is intending to communicate
- (or :const:
None
if the TLS Client Hello does not contain a server name) and the third argument is the original :class:SSLContext
. The server name argument is the IDNA decoded server name.
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -2096,7 +2096,8 @@ else:
 def servername_cb(ssl_sock, server_name, initial_context):
 calls.append((server_name, initial_context))
ssl_sock.context = other_context[](#l2.7)
if server_name is not None:[](#l2.8)
ssl_sock.context = other_context[](#l2.9) server_context.set_servername_callback(servername_cb)[](#l2.10)
stats = server_params_test(client_context, server_context, @@ -2108,6 +2109,14 @@ else: # CERTFILE4 was selected self.check_common_name(stats, 'fakehostname')
calls = [][](#l2.17)
# The callback is called with server_name=None[](#l2.18)
stats = server_params_test(client_context, server_context,[](#l2.19)
chatty=True,[](#l2.20)
sni_name=None)[](#l2.21)
self.assertEqual(calls, [(None, server_context)])[](#l2.22)
self.check_common_name(stats, 'localhost')[](#l2.23)
+ # Check disabling the callback calls = [] server_context.set_servername_callback(None)
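Review bot: The added comment `# The callback is called with server_name=None` in the second test_ssl.py hunk does not say that this block is the regression case for the crash named in the commit message. I would write it as `# Issue #8109: a client that sends no server name must still reach the callback, with server_name=None, and the context is left unchanged`, so that the `sni_name=None` argument and the `'localhost'` common-name check are tied to the reason they exist. The visible hunks only exercise a callback that tolerates None; whether a callback that raises on None, or a server name that fails IDNA decoding in Modules/_ssl.c, is covered elsewhere in the file cannot be seen from here. The enclosing test method starts and ends outside the hunk.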
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -1361,6 +1361,7 @@ Bob Yodlowski
 Danny Yoo
 Rory Yorke
 George Yoshida
+Kazuhiro Yoshida
 Masazumi Yoshikawa
 Arnaud Ysmal
 Bernard Yue
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2448,22 +2448,28 @@ static int
 goto error;
 }
- servername_o = PyBytes_FromString(servername);
- if (servername_o == NULL) {
PyErr_WriteUnraisable((PyObject *) ssl_ctx);[](#l4.9)
goto error;[](#l4.10)
- if (servername == NULL) {
result = PyObject_CallFunctionObjArgs(ssl_ctx->set_hostname, ssl_socket,[](#l4.12)
}Py_None, ssl_ctx, NULL);[](#l4.13)
- servername_idna = PyUnicode_FromEncodedObject(servername_o, "idna", NULL);
- if (servername_idna == NULL) {
PyErr_WriteUnraisable(servername_o);[](#l4.17)
- else {
servername_o = PyBytes_FromString(servername);[](#l4.19)
if (servername_o == NULL) {[](#l4.20)
PyErr_WriteUnraisable((PyObject *) ssl_ctx);[](#l4.21)
goto error;[](#l4.22)
}[](#l4.23)
servername_idna = PyUnicode_FromEncodedObject(servername_o, "idna", NULL);[](#l4.24)
if (servername_idna == NULL) {[](#l4.25)
PyErr_WriteUnraisable(servername_o);[](#l4.26)
Py_DECREF(servername_o);[](#l4.27)
goto error;[](#l4.28)
}[](#l4.29) Py_DECREF(servername_o);[](#l4.30)
goto error;[](#l4.31)
result = PyObject_CallFunctionObjArgs(ssl_ctx->set_hostname, ssl_socket,[](#l4.32)
servername_idna, ssl_ctx, NULL);[](#l4.33)
}Py_DECREF(servername_idna);[](#l4.34)
- Py_DECREF(servername_o);
- result = PyObject_CallFunctionObjArgs(ssl_ctx->set_hostname, ssl_socket,
Py_DECREF(ssl_socket);servername_idna, ssl_ctx, NULL);[](#l4.38)
- Py_DECREF(servername_idna);
if (result == NULL) { PyErr_WriteUnraisable(ssl_ctx->set_hostname);
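Review bot: The new `if (servername == NULL)` branch carries no comment explaining when the pointer is NULL or why the callback is still invoked, although that is the whole point of the fix. Going by the ssl.rst hunk in this commit, NULL means the TLS Client Hello had no server name, so I would add above the branch `/* No server name in the Client Hello: call the callback with None instead of decoding a NULL pointer. */`. The server name is chosen by the remote peer, presumably before any authentication has happened, so the same comment should state that both the None path and the IDNA-decoding failure path are reachable by any client. What the `error` label and the code after `PyErr_WriteUnraisable(ssl_ctx->set_hostname)` do to the handshake lies outside the hunk, as do the start and end of the function.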