8000 `_ssl.c` does not handle errors on module creation · Issue #111230 · python/cpython · GitHub
[go: up one dir, main page]
Skip to content

_ssl.c does not handle errors on module creation #111230

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sobolevn opened this issue Oct 23, 2023 · 1 comment
Closed

_ssl.c does not handle errors on module creation #111230

sobolevn opened this issue Oct 23, 2023 · 1 comment
Assignees
@sobolevn
Labels
extension-modules C modules in the Modules dir topic-SSL type-bug An unexpected behavior, bug, or error

Comments

@sobolevn
Copy link
Member
sobolevn commented Oct 23, 2023
edited by bedevere-app bot
Loading
8000

Bug report

sslmodule_init_constants does not return -1 when any of PyModule_Add* calls fail.

For example, PyModule_AddIntConstant returns -1 on error, but it is never checked:

cpython/Modules/_ssl.c

Lines 5790 to 5831 in 96cbd1e

PyModule_AddStringConstant(m, "_DEFAULT_CIPHERS",
PY_SSL_DEFAULT_CIPHER_STRING);
PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN",
PY_SSL_ERROR_ZERO_RETURN);
PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ",
PY_SSL_ERROR_WANT_READ);
PyModule_AddIntConstant(m, "SSL_ERROR_WANT_WRITE",
PY_SSL_ERROR_WANT_WRITE);
PyModule_AddIntConstant(m, "SSL_ERROR_WANT_X509_LOOKUP",
PY_SSL_ERROR_WANT_X509_LOOKUP);
PyModule_AddIntConstant(m, "SSL_ERROR_SYSCALL",
PY_SSL_ERROR_SYSCALL);
PyModule_AddIntConstant(m, "SSL_ERROR_SSL",
PY_SSL_ERROR_SSL);
PyModule_AddIntConstant(m, "SSL_ERROR_WANT_CONNECT",
PY_SSL_ERROR_WANT_CONNECT);
/* non ssl.h errorcodes */
PyModule_AddIntConstant(m, "SSL_ERROR_EOF",
PY_SSL_ERROR_EOF);
PyModule_AddIntConstant(m, "SSL_ERROR_INVALID_ERROR_CODE",
PY_SSL_ERROR_INVALID_ERROR_CODE);
/* cert requirements */
PyModule_AddIntConstant(m, "CERT_NONE",
PY_SSL_CERT_NONE);
PyModule_AddIntConstant(m, "CERT_OPTIONAL",
PY_SSL_CERT_OPTIONAL);
PyModule_AddIntConstant(m, "CERT_REQUIRED",
PY_SSL_CERT_REQUIRED);
/* CRL verification for verification_flags */
PyModule_AddIntConstant(m, "VERIFY_DEFAULT",
0);
PyModule_AddIntConstant(m, "VERIFY_CRL_CHECK_LEAF",
X509_V_FLAG_CRL_CHECK);
PyModule_AddIntConstant(m, "VERIFY_CRL_CHECK_CHAIN",
X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
PyModule_AddIntConstant(m, "VERIFY_X509_STRICT",
X509_V_FLAG_X509_STRICT);
PyModule_AddIntConstant(m, "VERIFY_ALLOW_PROXY_CERTS",
X509_V_FLAG_ALLOW_PROXY_CERTS);
PyModule_AddIntConstant(m, "VERIFY_X509_TRUSTED_FIRST",
X509_V_FLAG_TRUSTED_FIRST);

Other ``sslmodule_init_*` functions do check for errors correctly.
I have a PR ready.

Linked PRs
@sobolevn sobolevn added type-bug An unexpected behavior, bug, or error extension-modules C modules in the Modules dir topic-SSL labels Oct 23, 2023
@sobolevn sobolevn self-assigned this Oct 23, 2023
sobolevn added a commit to sobolevn/cpython that referenced this issue Oct 23, 2023
@sobolevn
pythongh-111230: Fix _ssl.c not checking for errors when initializi…
45894e0 
…ng a module
@bedevere-app bedevere-app bot mentioned this issue Oct 23, 2023
Merged
@sobolevn sobolevn mentioned this issue Oct 24, 2023
Closed
erlend-aasland pushed a commit that referenced this issue Oct 25, 2023
@sobolevn
gh-111230: Fix errors checking in _ssl module init (#111232)
f630494 
Introduce ADD_INT_CONST macro wrapper for PyModule_AddIntConstant()
@hugovk
Copy link
Member
hugovk commented Nov 10, 2023

Thanks!

@hugovk hugovk closed this as completed Nov 10, 2023
aisk pushed a commit to aisk/cpython that referenced this issue Feb 11, 2024
@sobolevn @aisk
pythongh-111230: Fix errors checking in _ssl module init (python#111232)
23c87cf 
Introduce ADD_INT_CONST macro wrapper for PyModule_AddIntConstant()
Glyphack pushed a commit to Glyphack/cpython that referenced this issue Sep 2, 2024
@sobolevn @Glyphack
pythongh-111230: Fix errors checking in _ssl module init (python#111232)
fcb01ab 
Introduce ADD_INT_CONST macro wrapper for PyModule_AddIntConstant()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sobolevn sobolevn

Labels
extension-modules C modules in the Modules dir topic-SSL type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hugovk @sobolevn
0