fix memory leak in _get_crl_dp (closes #25569)

Patch started by Stéphane Wirtel.

fix memory leak in _get_crl_dp (closes #25569)
Patch started by Stéphane Wirtel.
eda06c8f · Benjamin Peterson · 71a0b438 · eda06c8f · eda06c8f
Commit eda06c8f authored Nov 11, 2015 by Benjamin Peterson
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 28 deletions

Misc/NEWS Misc/NEWS +2 -0

Modules/_ssl.c Modules/_ssl.c +24 -28

No files found.
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -107,6 +107,8 @@ Library
  at the end if the FileInput was opened with binary mode.
  Patch by Ryosuke Ito.
+- Issue #25569: Fix memory leak in SSLSocket.getpeercert().
 - Issue #21827: Fixed textwrap.dedent() for the case when largest common
  whitespace is a substring of smallest leading whitespace.
  Based on patch by Robert Li.

--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1027,25 +1027,23 @@ _get_aia_uri(X509 *certificate, int nid) {
 static PyObject *
 _get_crl_dp(X509 *certificate) {
    STACK_OF(DIST_POINT) *dps;
-    int i, j, result;
+    int i, j;
-    PyObject *lst;
+    PyObject *lst, *res = NULL;
 #if OPENSSL_VERSION_NUMBER < 0x10001000L
-    dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points,
+    dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
-                           NULL, NULL);
 #else
    /* Calls x509v3_cache_extensions and sets up crldp */
    X509_check_ca(certificate);
    dps = certificate->crldp;
 #endif
-    if (dps == NULL) {
+    if (dps == NULL)
        return Py_None;
-    }
-    if ((lst = PyList_New(0)) == NULL) {
+    lst = PyList_New(0);
-        return NULL;
+    if (lst == NULL)
-    }
+        goto done;
    for (i=0; i < sk_DIST_POINT_num(dps); i++) {
        DIST_POINT *dp;
@@ -1058,6 +1056,7 @@ _get_crl_dp(X509 *certificate) {
            GENERAL_NAME *gn;
            ASN1_IA5STRING *uri;
            PyObject *ouri;
+            int err;
            gn = sk_GENERAL_NAME_value(gns, j);
            if (gn->type != GEN_URI) {
@@ -1066,28 +1065,25 @@ _get_crl_dp(X509 *certificate) {
            uri = gn->d.uniformResourceIdentifier;
            ouri = PyUnicode_FromStringAndSize((char *)uri->data,
                                               uri->length);
-            if (ouri == NULL) {
+            if (ouri == NULL)
-                Py_DECREF(lst);
+                goto done;
-                return NULL;
-            }
+            err = PyList_Append(lst, ouri);
-            result = PyList_Append(lst, ouri);
            Py_DECREF(ouri);
-            if (result < 0) {
+            if (err < 0)
-                Py_DECREF(lst);
+                goto done;
-                return NULL;
-            }
        }
    }
-    /* convert to tuple or None */
-    if (PyList_Size(lst) == 0) {
+    /* Convert to tuple. */
-        Py_DECREF(lst);
+    res = (PyList_GET_SIZE(lst) > 0) ? PyList_AsTuple(lst) : Py_None;
-        return Py_None;
-    } else {
+  done:
-        PyObject *tup;
+    Py_XDECREF(lst);
-        tup = PyList_AsTuple(lst);
+#if OPENSSL_VERSION_NUMBER < 0x10001000L
-        Py_DECREF(lst);
+    sk_DIST_POINT_free(dsp);
-        return tup;
+#endif
-    }
+    return res;
 }
 static PyObject *