Commit 65fb2c08 authored by Serhiy Storchaka's avatar Serhiy Storchaka Committed by GitHub

bpo-339827: Do not swallow exceptions in the _ssl module. (GH-12756)

parent 530f506a
...@@ -590,19 +590,18 @@ fill_and_set_sslerror(PySSLSocket *sslsock, PyObject *type, int ssl_errno, ...@@ -590,19 +590,18 @@ fill_and_set_sslerror(PySSLSocket *sslsock, PyObject *type, int ssl_errno,
key = Py_BuildValue("ii", lib, reason); key = Py_BuildValue("ii", lib, reason);
if (key == NULL) if (key == NULL)
goto fail; goto fail;
reason_obj = PyDict_GetItem(err_codes_to_names, key); reason_obj = PyDict_GetItemWithError(err_codes_to_names, key);
Py_DECREF(key); Py_DECREF(key);
if (reason_obj == NULL) { if (reason_obj == NULL && PyErr_Occurred()) {
/* XXX if reason < 100, it might reflect a library number (!!) */ goto fail;
PyErr_Clear();
} }
key = PyLong_FromLong(lib); key = PyLong_FromLong(lib);
if (key == NULL) if (key == NULL)
goto fail; goto fail;
lib_obj = PyDict_GetItem(lib_codes_to_names, key); lib_obj = PyDict_GetItemWithError(lib_codes_to_names, key);
Py_DECREF(key); Py_DECREF(key);
if (lib_obj == NULL) { if (lib_obj == NULL && PyErr_Occurred()) {
PyErr_Clear(); goto fail;
} }
if (errstr == NULL) if (errstr == NULL)
errstr = ERR_reason_error_string(errcode); errstr = ERR_reason_error_string(errcode);
...@@ -3682,7 +3681,7 @@ _pwinfo_set(_PySSLPasswordInfo *pw_info, PyObject* password, ...@@ -3682,7 +3681,7 @@ _pwinfo_set(_PySSLPasswordInfo *pw_info, PyObject* password,
Py_ssize_t size; Py_ssize_t size;
if (PyUnicode_Check(password)) { if (PyUnicode_Check(password)) {
password_bytes = PyUnicode_AsEncodedString(password, NULL, NULL); password_bytes = PyUnicode_AsUTF8String(password);
if (!password_bytes) { if (!password_bytes) {
goto error; goto error;
} }
...@@ -3787,13 +3786,17 @@ _ssl__SSLContext_load_cert_chain_impl(PySSLContext *self, PyObject *certfile, ...@@ -3787,13 +3786,17 @@ _ssl__SSLContext_load_cert_chain_impl(PySSLContext *self, PyObject *certfile,
if (keyfile == Py_None) if (keyfile == Py_None)
keyfile = NULL; keyfile = NULL;
if (!PyUnicode_FSConverter(certfile, &certfile_bytes)) { if (!PyUnicode_FSConverter(certfile, &certfile_bytes)) {
if (PyErr_ExceptionMatches(PyExc_TypeError)) {
PyErr_SetString(PyExc_TypeError, PyErr_SetString(PyExc_TypeError,
"certfile should be a valid filesystem path"); "certfile should be a valid filesystem path");
}
return NULL; return NULL;
} }
if (keyfile && !PyUnicode_FSConverter(keyfile, &keyfile_bytes)) { if (keyfile && !PyUnicode_FSConverter(keyfile, &keyfile_bytes)) {
if (PyErr_ExceptionMatches(PyExc_TypeError)) {
PyErr_SetString(PyExc_TypeError, PyErr_SetString(PyExc_TypeError,
"keyfile should be a valid filesystem path"); "keyfile should be a valid filesystem path");
}
goto error; goto error;
} }
if (password && password != Py_None) { if (password && password != Py_None) {
...@@ -3985,22 +3988,44 @@ _ssl__SSLContext_load_verify_locations_impl(PySSLContext *self, ...@@ -3985,22 +3988,44 @@ _ssl__SSLContext_load_verify_locations_impl(PySSLContext *self,
goto error; goto error;
} }
if (cafile && !PyUnicode_FSConverter(cafile, &cafile_bytes)) { if (cafile && !PyUnicode_FSConverter(cafile, &cafile_bytes)) {
if (PyErr_ExceptionMatches(PyExc_TypeError)) {
PyErr_SetString(PyExc_TypeError, PyErr_SetString(PyExc_TypeError,
"cafile should be a valid filesystem path"); "cafile should be a valid filesystem path");
}
goto error; goto error;
} }
if (capath && !PyUnicode_FSConverter(capath, &capath_bytes)) { if (capath && !PyUnicode_FSConverter(capath, &capath_bytes)) {
if (PyErr_ExceptionMatches(PyExc_TypeError)) {
PyErr_SetString(PyExc_TypeError, PyErr_SetString(PyExc_TypeError,
"capath should be a valid filesystem path"); "capath should be a valid filesystem path");
}
goto error; goto error;
} }
/* validata cadata type and load cadata */ /* validata cadata type and load cadata */
if (cadata) { if (cadata) {
if (PyUnicode_Check(cadata)) {
PyObject *cadata_ascii = PyUnicode_AsASCIIString(cadata);
if (cadata_ascii == NULL) {
if (PyErr_ExceptionMatches(PyExc_UnicodeEncodeError)) {
goto invalid_cadata;
}
goto error;
}
r = _add_ca_certs(self,
PyBytes_AS_STRING(cadata_ascii),
PyBytes_GET_SIZE(cadata_ascii),
SSL_FILETYPE_PEM);
Py_DECREF(cadata_ascii);
if (r == -1) {
goto error;
}
}
else if (PyObject_CheckBuffer(cadata)) {
Py_buffer buf; Py_buffer buf;
PyObject *cadata_ascii = NULL; if (PyObject_GetBuffer(cadata, &buf, PyBUF_SIMPLE)) {
goto error;
if (PyObject_GetBuffer(cadata, &buf, PyBUF_SIMPLE) == 0) { }
if (!PyBuffer_IsContiguous(&buf, 'C') || buf.ndim > 1) { if (!PyBuffer_IsContiguous(&buf, 'C') || buf.ndim > 1) {
PyBuffer_Release(&buf); PyBuffer_Release(&buf);
PyErr_SetString(PyExc_TypeError, PyErr_SetString(PyExc_TypeError,
...@@ -4013,24 +4038,14 @@ _ssl__SSLContext_load_verify_locations_impl(PySSLContext *self, ...@@ -4013,24 +4038,14 @@ _ssl__SSLContext_load_verify_locations_impl(PySSLContext *self,
if (r == -1) { if (r == -1) {
goto error; goto error;
} }
} else { }
PyErr_Clear(); else {
cadata_ascii = PyUnicode_AsASCIIString(cadata); invalid_cadata:
if (cadata_ascii == NULL) {
PyErr_SetString(PyExc_TypeError, PyErr_SetString(PyExc_TypeError,
"cadata should be an ASCII string or a " "cadata should be an ASCII string or a "
"bytes-like object"); "bytes-like object");
goto error; goto error;
} }
r = _add_ca_certs(self,
PyBytes_AS_STRING(cadata_ascii),
PyBytes_GET_SIZE(cadata_ascii),
SSL_FILETYPE_PEM);
Py_DECREF(cadata_ascii);
if (r == -1) {
goto error;
}
}
} }
/* load cafile or capath */ /* load cafile or capath */
......
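Review bot: In the cadata handling of _ssl__SSLContext_load_verify_locations_impl, `goto invalid_cadata` jumps from the str branch into the middle of the final `else` block, which is legal C but easy to misread and easy to break if a declaration or cleanup step is later added at the top of that `else`. The label is reached with the UnicodeEncodeError still pending and `PyErr_SetString` then replaces it with the TypeError, so the label deserves a comment such as `/* also reached from the str branch; the pending UnicodeEncodeError is replaced by the TypeError below */`. An alternative is to set the TypeError directly in the str branch and `goto error`, which removes the cross-branch jump at the cost of repeating the message. The function begins and ends outside the visible hunks, so the cleanup under the `error` label could not be checked here.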