Commit eda06c8f authored by Benjamin Peterson's avatar Benjamin Peterson

fix memory leak in _get_crl_dp (closes #25569)

Patch started by Stéphane Wirtel.
parent 71a0b438
......@@ -107,6 +107,8 @@ Library
at the end if the FileInput was opened with binary mode.
Patch by Ryosuke Ito.
- Issue #25569: Fix memory leak in SSLSocket.getpeercert().
- Issue #21827: Fixed textwrap.dedent() for the case when largest common
whitespace is a substring of smallest leading whitespace.
Based on patch by Robert Li.
......
......@@ -1027,25 +1027,23 @@ _get_aia_uri(X509 *certificate, int nid) {
static PyObject *
_get_crl_dp(X509 *certificate) {
STACK_OF(DIST_POINT) *dps;
int i, j, result;
PyObject *lst;
int i, j;
PyObject *lst, *res = NULL;
#if OPENSSL_VERSION_NUMBER < 0x10001000L
dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points,
NULL, NULL);
dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
#else
/* Calls x509v3_cache_extensions and sets up crldp */
X509_check_ca(certificate);
dps = certificate->crldp;
#endif
if (dps == NULL) {
if (dps == NULL)
return Py_None;
}
if ((lst = PyList_New(0)) == NULL) {
return NULL;
}
lst = PyList_New(0);
if (lst == NULL)
goto done;
for (i=0; i < sk_DIST_POINT_num(dps); i++) {
DIST_POINT *dp;
......@@ -1058,6 +1056,7 @@ _get_crl_dp(X509 *certificate) {
GENERAL_NAME *gn;
ASN1_IA5STRING *uri;
PyObject *ouri;
int err;
gn = sk_GENERAL_NAME_value(gns, j);
if (gn->type != GEN_URI) {
......@@ -1066,28 +1065,25 @@ _get_crl_dp(X509 *certificate) {
uri = gn->d.uniformResourceIdentifier;
ouri = PyUnicode_FromStringAndSize((char *)uri->data,
uri->length);
if (ouri == NULL) {
Py_DECREF(lst);
return NULL;
}
result = PyList_Append(lst, ouri);
if (ouri == NULL)
goto done;
err = PyList_Append(lst, ouri);
Py_DECREF(ouri);
if (result < 0) {
Py_DECREF(lst);
return NULL;
}
}
if (err < 0)
goto done;
}
/* convert to tuple or None */
if (PyList_Size(lst) == 0) {
Py_DECREF(lst);
return Py_None;
} else {
PyObject *tup;
tup = PyList_AsTuple(lst);
Py_DECREF(lst);
return tup;
}
/* Convert to tuple. */
res = (PyList_GET_SIZE(lst) > 0) ? PyList_AsTuple(lst) : Py_None;
done:
Py_XDECREF(lst);
#if OPENSSL_VERSION_NUMBER < 0x10001000L
sk_DIST_POINT_free(dsp);
#endif
return res;
}
static PyObject *
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment