8000 `_ssl.c` does not handle errors on module creation · Issue #111230 · python/cpython · GitHub
[go: up one dir, main page]

Skip to content

_ssl.c does not handle errors on module creation #111230

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
sobolevn opened this issue Oct 23, 2023 · 1 comment
Closed

_ssl.c does not handle errors on module creation #111230

sobolevn opened this issue Oct 23, 2023 · 1 comment
Assignees
Labels
extension-modules C modules in the Modules dir topic-SSL type-bug An unexpected behavior, bug, or error

Comments

@sobolevn
Copy link
Member
sobolevn commented Oct 23, 2023
8000

Bug report

sslmodule_init_constants does not return -1 when any of PyModule_Add* calls fail.

For example, PyModule_AddIntConstant returns -1 on error, but it is never checked:

cpython/Modules/_ssl.c

Lines 5790 to 5831 in 96cbd1e

PyModule_AddStringConstant(m, "_DEFAULT_CIPHERS",
PY_SSL_DEFAULT_CIPHER_STRING);
PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN",
PY_SSL_ERROR_ZERO_RETURN);
PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ",
PY_SSL_ERROR_WANT_READ);
PyModule_AddIntConstant(m, "SSL_ERROR_WANT_WRITE",
PY_SSL_ERROR_WANT_WRITE);
PyModule_AddIntConstant(m, "SSL_ERROR_WANT_X509_LOOKUP",
PY_SSL_ERROR_WANT_X509_LOOKUP);
PyModule_AddIntConstant(m, "SSL_ERROR_SYSCALL",
PY_SSL_ERROR_SYSCALL);
PyModule_AddIntConstant(m, "SSL_ERROR_SSL",
PY_SSL_ERROR_SSL);
PyModule_AddIntConstant(m, "SSL_ERROR_WANT_CONNECT",
PY_SSL_ERROR_WANT_CONNECT);
/* non ssl.h errorcodes */
PyModule_AddIntConstant(m, "SSL_ERROR_EOF",
PY_SSL_ERROR_EOF);
PyModule_AddIntConstant(m, "SSL_ERROR_INVALID_ERROR_CODE",
PY_SSL_ERROR_INVALID_ERROR_CODE);
/* cert requirements */
PyModule_AddIntConstant(m, "CERT_NONE",
PY_SSL_CERT_NONE);
PyModule_AddIntConstant(m, "CERT_OPTIONAL",
PY_SSL_CERT_OPTIONAL);
PyModule_AddIntConstant(m, "CERT_REQUIRED",
PY_SSL_CERT_REQUIRED);
/* CRL verification for verification_flags */
PyModule_AddIntConstant(m, "VERIFY_DEFAULT",
0);
PyModule_AddIntConstant(m, "VERIFY_CRL_CHECK_LEAF",
X509_V_FLAG_CRL_CHECK);
PyModule_AddIntConstant(m, "VERIFY_CRL_CHECK_CHAIN",
X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
PyModule_AddIntConstant(m, "VERIFY_X509_STRICT",
X509_V_FLAG_X509_STRICT);
PyModule_AddIntConstant(m, "VERIFY_ALLOW_PROXY_CERTS",
X509_V_FLAG_ALLOW_PROXY_CERTS);
PyModule_AddIntConstant(m, "VERIFY_X509_TRUSTED_FIRST",
X509_V_FLAG_TRUSTED_FIRST);

Other ``sslmodule_init_*` functions do check for errors correctly.
I have a PR ready.

Linked PRs

@sobolevn sobolevn added type-bug An unexpected behavior, bug, or error extension-modules C modules in the Modules dir topic-SSL labels Oct 23, 2023
@sobolevn sobolevn self-assigned this Oct 23, 2023
sobolevn added a commit to sobolevn/cpython that referenced this issue Oct 23, 2023
erlend-aasland pushed a commit that referenced this issue Oct 25, 2023
Introduce ADD_INT_CONST macro wrapper for PyModule_AddIntConstant()
@hugovk
Copy link
Member
hugovk commented Nov 10, 2023

Thanks!

@hugovk hugovk closed this as completed Nov 10, 2023
aisk pushed a commit to aisk/cpython that referenced this issue Feb 11, 2024
Introduce ADD_INT_CONST macro wrapper for PyModule_AddIntConstant()
Glyphack pushed a commit to Glyphack/cpython that referenced this issue Sep 2, 2024
Introduce ADD_INT_CONST macro wrapper for PyModule_AddIntConstant()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
extension-modules C modules in the Modules dir topic-SSL type-bug An unexpected behavior, bug, or error
Projects
None yet
Development

No branches or pull requests

2 participants
0