[Python-bugs-list] [ python-Bugs-461358 ] SSL constructor/destructor bugs (original) (raw)

noreply@sourceforge.net noreply@sourceforge.net
Tue, 09 Oct 2001 19:39:25 -0700

Bugs item #461358, was opened at 2001-09-13 14:17 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=105470&aid=461358&group_id=5470

Category: Python Library Group: Python 2.1.1 Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: SSL constructor/destructor bugs

Initial Comment: routine newSSLObject() in socketmodule.c does not initialize variables which SSL_dealloc() frees.

SSL_dealloc() calls SSL_CTX_free() and then SSL_free (). However, SSL_free() also frees the CTX.

in SSLObject, variable 'x_attr' seems to be unnecessary and maybe the source of a memory leak.

Comment By: Jeremy Hylton (jhylton) Date: 2001-10-09 19:39

Message: Logged In: YES user_id=31392

You're sure right about the memory leak! It calls PyDict_New(), stores the result in x_attr, and later sets x_attr to NULL.

Comment By: Gerhard H�ring (ghaering) Date: 2001-09-16 21:00

Message: Logged In: YES user_id=163326

Hello! I'm pretty new to OpenSSL, but I'm trying my best to nail the recently reported SSL bugs down. I could confirm everything you state here.

The docs didn't say anything about SSL_free() freeing the CTX, but the OpenSSL source says yes, it does.

If you'd log in next time, that would ease communication :-)

I'll soon (0-2 days) submit a patch that tries to fix some of the recently reported problems. I'll also try to bug a few people proficient in Python & OpenSSL to review my patch. You seem to be knowledgable in both, so another pair of eyes won't hurt.

Btw. I can be reached at gerhard@bigfoot.de

You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=105470&aid=461358&group_id=5470