Skip to content

C
cpython
Commit 45f9853a authored by Georg Brandl's avatar Georg Brandl
Browse files
Options

#19227: merge with 3.3

parents 2a706d19 2b22093a
Show whitespace changes
Inline Side-by-side
Showing with 11 additions and 7 deletions
Misc/NEWS
View file @ 45f9853a
...@@ -23,6 +23,9 @@ Library ...@@ -23,6 +23,9 @@ Library
- Issue #19329: Optimized compiling charsets in regular expressions. - Issue #19329: Optimized compiling charsets in regular expressions.
- Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSL
pseudo-random number generator on fork().
- Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than - Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
100 headers are read. Adapted from patch by Jyrki Pulliainen. 100 headers are read. Adapted from patch by Jyrki Pulliainen.
......
Modules/_ssl.c
View file @ 45f9853a
...@@ -2952,7 +2952,7 @@ fails or if it does not provide enough data to seed PRNG."); ...@@ -2952,7 +2952,7 @@ fails or if it does not provide enough data to seed PRNG.");
/* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747 /* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747
* *
* The parent handler seeds the PRNG from pseudo-random data like pid, the * The prepare handler seeds the PRNG from pseudo-random data like pid, the
* current time (miliseconds or seconds) and an uninitialized array. * current time (miliseconds or seconds) and an uninitialized array.
* The array contains stack variables that are impossible to predict * The array contains stack variables that are impossible to predict
* on most systems, e.g. function return address (subject to ASLR), the * on most systems, e.g. function return address (subject to ASLR), the
...@@ -2961,16 +2961,17 @@ fails or if it does not provide enough data to seed PRNG."); ...@@ -2961,16 +2961,17 @@ fails or if it does not provide enough data to seed PRNG.");
* *
* Note: * Note:
* The code uses pthread_atfork() until Python has a proper atfork API. The * The code uses pthread_atfork() until Python has a proper atfork API. The
* handlers are not removed from the child process. A parent handler is used * handlers are not removed from the child process. A prepare handler is used
* instead of a child handler because fork() is supposed to be async-signal * instead of a child handler because fork() is supposed to be async-signal
* safe but the handler calls unsafe functions. * safe but the handler calls unsafe functions. A parent handler has caused
* other problems, see issue #19227.
*/ */
#if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD) #if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD)
#define PYSSL_RAND_ATFORK 1 #define PYSSL_RAND_ATFORK 1
static void static void
PySSL_RAND_atfork_parent(void) PySSL_RAND_atfork_prepare(void)
{ {
struct { struct {
char stack[128]; /* uninitialized (!) stack data, 128 is an char stack[128]; /* uninitialized (!) stack data, 128 is an
...@@ -2996,8 +2997,8 @@ PySSL_RAND_atfork(void) ...@@ -2996,8 +2997,8 @@ PySSL_RAND_atfork(void)
if (registered) if (registered)
return 0; return 0;
retval = pthread_atfork(NULL, /* prepare */ retval = pthread_atfork(PySSL_RAND_atfork_prepare, /* prepare */
PySSL_RAND_atfork_parent, /* parent */ NULL, /* parent */
NULL); /* child */ NULL); /* child */
if (retval != 0) { if (retval != 0) {
PyErr_SetFromErrno(PyExc_OSError); PyErr_SetFromErrno(PyExc_OSError);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7