_ssl.c does not handle errors on module creation

Bug report

sslmodule_init_constants does not return -1 when any of PyModule_Add* calls fail.

For example, PyModule_AddIntConstant returns -1 on error, but it is never checked:

Lines 5790 to 5831 in 96cbd1e

    
           PyModule_AddStringConstant(m, "_DEFAULT_CIPHERS", 
        
                                      PY_SSL_DEFAULT_CIPHER_STRING); 
        
           PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN", 
        
                                   PY_SSL_ERROR_ZERO_RETURN); 
        
           PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ", 
        
                                   PY_SSL_ERROR_WANT_READ); 
        
           PyModule_AddIntConstant(m, "SSL_ERROR_WANT_WRITE", 
        
                                   PY_SSL_ERROR_WANT_WRITE); 
        
           PyModule_AddIntConstant(m, "SSL_ERROR_WANT_X509_LOOKUP", 
        
                                   PY_SSL_ERROR_WANT_X509_LOOKUP); 
        
           PyModule_AddIntConstant(m, "SSL_ERROR_SYSCALL", 
        
                                   PY_SSL_ERROR_SYSCALL); 
        
           PyModule_AddIntConstant(m, "SSL_ERROR_SSL", 
        
                                   PY_SSL_ERROR_SSL); 
        
           PyModule_AddIntConstant(m, "SSL_ERROR_WANT_CONNECT", 
        
                                   PY_SSL_ERROR_WANT_CONNECT); 
        
           /* non ssl.h errorcodes */ 
        
           PyModule_AddIntConstant(m, "SSL_ERROR_EOF", 
        
                                   PY_SSL_ERROR_EOF); 
        
           PyModule_AddIntConstant(m, "SSL_ERROR_INVALID_ERROR_CODE", 
        
                                   PY_SSL_ERROR_INVALID_ERROR_CODE); 
        
           /* cert requirements */ 
        
           PyModule_AddIntConstant(m, "CERT_NONE", 
        
                                   PY_SSL_CERT_NONE); 
        
           PyModule_AddIntConstant(m, "CERT_OPTIONAL", 
        
                                   PY_SSL_CERT_OPTIONAL); 
        
           PyModule_AddIntConstant(m, "CERT_REQUIRED", 
        
                                   PY_SSL_CERT_REQUIRED); 
        
           /* CRL verification for verification_flags */ 
        
           PyModule_AddIntConstant(m, "VERIFY_DEFAULT", 
        
                                   0); 
        
           PyModule_AddIntConstant(m, "VERIFY_CRL_CHECK_LEAF", 
        
                                   X509_V_FLAG_CRL_CHECK); 
        
           PyModule_AddIntConstant(m, "VERIFY_CRL_CHECK_CHAIN", 
        
                                   X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); 
        
           PyModule_AddIntConstant(m, "VERIFY_X509_STRICT", 
        
                                   X509_V_FLAG_X509_STRICT); 
        
           PyModule_AddIntConstant(m, "VERIFY_ALLOW_PROXY_CERTS", 
        
                                   X509_V_FLAG_ALLOW_PROXY_CERTS); 
        
           PyModule_AddIntConstant(m, "VERIFY_X509_TRUSTED_FIRST", 
        
                                   X509_V_FLAG_TRUSTED_FIRST);

Other ``sslmodule_init_*` functions do check for errors correctly.
I have a PR ready.

Linked PRs

gh-111230: Fix _ssl.c not checking for errors when initializing a module #111232

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

`_ssl.c` does not handle errors on module creation #111230

Bug report

Linked PRs

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

	PyModule_AddStringConstant(m, "_DEFAULT_CIPHERS",
	PY_SSL_DEFAULT_CIPHER_STRING);

	PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN",
	PY_SSL_ERROR_ZERO_RETURN);
	PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ",
	PY_SSL_ERROR_WANT_READ);
	PyModule_AddIntConstant(m, "SSL_ERROR_WANT_WRITE",
	PY_SSL_ERROR_WANT_WRITE);
	PyModule_AddIntConstant(m, "SSL_ERROR_WANT_X509_LOOKUP",
	PY_SSL_ERROR_WANT_X509_LOOKUP);
	PyModule_AddIntConstant(m, "SSL_ERROR_SYSCALL",
	PY_SSL_ERROR_SYSCALL);
	PyModule_AddIntConstant(m, "SSL_ERROR_SSL",
	PY_SSL_ERROR_SSL);
	PyModule_AddIntConstant(m, "SSL_ERROR_WANT_CONNECT",
	PY_SSL_ERROR_WANT_CONNECT);
	/* non ssl.h errorcodes */
	PyModule_AddIntConstant(m, "SSL_ERROR_EOF",
	PY_SSL_ERROR_EOF);
	PyModule_AddIntConstant(m, "SSL_ERROR_INVALID_ERROR_CODE",
	PY_SSL_ERROR_INVALID_ERROR_CODE);
	/* cert requirements */
	PyModule_AddIntConstant(m, "CERT_NONE",
	PY_SSL_CERT_NONE);
	PyModule_AddIntConstant(m, "CERT_OPTIONAL",
	PY_SSL_CERT_OPTIONAL);
	PyModule_AddIntConstant(m, "CERT_REQUIRED",
	PY_SSL_CERT_REQUIRED);
	/* CRL verification for verification_flags */
	PyModule_AddIntConstant(m, "VERIFY_DEFAULT",
	0);
	PyModule_AddIntConstant(m, "VERIFY_CRL_CHECK_LEAF",
	X509_V_FLAG_CRL_CHECK);
	PyModule_AddIntConstant(m, "VERIFY_CRL_CHECK_CHAIN",
	X509_V_FLAG_CRL_CHECK\|X509_V_FLAG_CRL_CHECK_ALL);
	PyModule_AddIntConstant(m, "VERIFY_X509_STRICT",
	X509_V_FLAG_X509_STRICT);
	PyModule_AddIntConstant(m, "VERIFY_ALLOW_PROXY_CERTS",
	X509_V_FLAG_ALLOW_PROXY_CERTS);
	PyModule_AddIntConstant(m, "VERIFY_X509_TRUSTED_FIRST",
	X509_V_FLAG_TRUSTED_FIRST);

Uh oh!

_ssl.c does not handle errors on module creation #111230

Description

Bug report

Linked PRs

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

`_ssl.c` does not handle errors on module creation #111230