pyOpenSSL

Merge lp:~exarkun/pyopenssl/leaky-nids into lp:~exarkun/pyopenssl/trunk

  1. leaky-nids
  2. Merge into trunk
Proposed by Jean-Paul Calderone
Status: Merged
Merged at revision: not available
Proposed branch: lp:~exarkun/pyopenssl/leaky-nids
Merge into: lp:~exarkun/pyopenssl/trunk
Diff against target: None lines
To merge this branch: bzr merge lp:~exarkun/pyopenssl/leaky-nids
Reviewer Review Type Date Requested Status
rick_dean (community) Approve
Review via email: mp+8911@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Jean-Paul Calderone (exarkun) wrote :

Fixes X509Name's getattr to flush any OpenSSL errors it induces. This prevents them from popping up at some random later time when someone checks the error queue.

Also fixes the double-evaluation issue in the flush_error_queue helper which was triggering some gc assertion failures (when using debug build of Python).

Revision history for this message
rick_dean (rick-fdd) wrote :

This fixes bug 314814. You're awesome!

We should add a comment near the PyDECREF() of
flush_error_queue() so the bug doesn't return --
not so much for pyOpenSSL, but for other projects
who might copy it.

Latex doc?

Revision history for this message
rick_dean (rick-fdd) wrote :

Yes! (See comment above.)

review: Approve
lp:~exarkun/pyopenssl/leaky-nids updated
119. By Jean-Paul Calderone

A comment about this local, as recommended by rick

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'src/crypto/crypto.c'
2--- src/crypto/crypto.c 2009-07-08 16:48:33 +0000
3+++ src/crypto/crypto.c 2009-07-16 20:25:19 +0000
4@@ -2,7 +2,7 @@
5 * crypto.c
6 *
7 * Copyright (C) AB Strakt 2001, All rights reserved
8- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
9+ * Copyright (C) Jean-Paul Calderone 2008-2009, All rights reserved
10 *
11 * Main file of crypto sub module.
12 * See the file RATIONALE for a short explanation of why this module was written.
13@@ -535,6 +535,17 @@
14 return PyString_FromString(str);
15 }
16
17+static char crypto_exception_from_error_queue_doc[] = "\n\
18+Raise an exception from the current OpenSSL error queue.\n\
19+";
20+
21+static PyObject *
22+crypto_exception_from_error_queue(PyObject *spam, PyObject *eggs) {
23+ exception_from_error_queue(crypto_Error);
24+ return NULL;
25+}
26+
27+
28 /* Methods in the OpenSSL.crypto module (i.e. none) */
29 static PyMethodDef crypto_methods[] = {
30 /* Module functions */
31@@ -547,6 +558,7 @@
32 { "load_pkcs7_data", (PyCFunction)crypto_load_pkcs7_data, METH_VARARGS, crypto_load_pkcs7_data_doc },
33 { "load_pkcs12", (PyCFunction)crypto_load_pkcs12, METH_VARARGS, crypto_load_pkcs12_doc },
34 { "X509_verify_cert_error_string", (PyCFunction)crypto_X509_verify_cert_error_string, METH_VARARGS, crypto_X509_verify_cert_error_string_doc },
35+ { "_exception_from_error_queue", (PyCFunction)crypto_exception_from_error_queue, METH_NOARGS, crypto_exception_from_error_queue_doc },
36 { NULL, NULL }
37 };
38
39
40=== modified file 'src/crypto/x509name.c'
41--- src/crypto/x509name.c 2009-07-08 16:48:33 +0000
42+++ src/crypto/x509name.c 2009-07-16 20:25:19 +0000
43@@ -2,7 +2,7 @@
44 * x509name.c
45 *
46 * Copyright (C) AB Strakt 2001, All rights reserved
47- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
48+ * Copyright (C) Jean-Paul Calderone 2008-2009, All rights reserved
49 *
50 * X.509 Name handling, mostly thin wrapping.
51 * See the file RATIONALE for a short explanation of why this module was written.
52@@ -153,8 +153,15 @@
53 int nid, len;
54 char *utf8string;
55
56- if ((nid = OBJ_txt2nid(name)) == NID_undef)
57- {
58+ if ((nid = OBJ_txt2nid(name)) == NID_undef) {
59+ /*
60+ * This is a bit weird. OBJ_txt2nid indicated failure, but it seems
61+ * a lower level function, a2d_ASN1_OBJECT, also feels the need to
62+ * push something onto the error queue. If we don't clean that up
63+ * now, someone else will bump into it later and be quite confused.
64+ * See lp#314814.
65+ */
66+ flush_error_queue();
67 return Py_FindMethod(crypto_X509Name_methods, (PyObject *)self, name);
68 }
69
70
71=== modified file 'src/util.c'
72--- src/util.c 2009-07-08 16:48:33 +0000
73+++ src/util.c 2009-07-16 20:25:19 +0000
74@@ -2,6 +2,7 @@
75 * util.c
76 *
77 * Copyright (C) AB Strakt 2001, All rights reserved
78+ * Copyright (C) Jean-Paul Calderone 2009, All rights reserved
79 *
80 * Utility functions.
81 * See the file RATIONALE for a short explanation of why this module was written.
82@@ -19,15 +20,13 @@
83 * Returns: A list of errors (new reference)
84 */
85 PyObject *
86-error_queue_to_list(void)
87-{
88+error_queue_to_list(void) {
89 PyObject *errlist, *tuple;
90 long err;
91
92 errlist = PyList_New(0);
93
94- while ((err = ERR_get_error()) != 0)
95- {
96+ while ((err = ERR_get_error()) != 0) {
97 tuple = Py_BuildValue("(sss)", ERR_lib_error_string(err),
98 ERR_func_error_string(err),
99 ERR_reason_error_string(err));
100@@ -38,8 +37,7 @@
101 return errlist;
102 }
103
104-void exception_from_error_queue(PyObject *the_Error)
105-{
106+void exception_from_error_queue(PyObject *the_Error) {
107 PyObject *errlist = error_queue_to_list();
108 PyErr_SetObject(the_Error, errlist);
109 Py_DECREF(errlist);
110@@ -52,8 +50,7 @@
111 * Returns: None
112 */
113 void
114-flush_error_queue(void)
115-{
116- Py_DECREF(error_queue_to_list());
117+flush_error_queue(void) {
118+ PyObject *list = error_queue_to_list();
119+ Py_DECREF(list);
120 }
121-
122
123=== modified file 'test/util.py'
124--- test/util.py 2009-07-05 17:05:45 +0000
125+++ test/util.py 2009-07-16 20:25:19 +0000
126@@ -12,6 +12,8 @@
127 from tempfile import mktemp
128 from unittest import TestCase
129
130+from OpenSSL.crypto import Error, _exception_from_error_queue
131+
132
133 class TestCase(TestCase):
134 """
135@@ -30,7 +32,12 @@
136 shutil.rmtree(temp)
137 elif os.path.exists(temp):
138 os.unlink(temp)
139-
140+ try:
141+ _exception_from_error_queue()
142+ except Error, e:
143+ if e.args != ([],):
144+ self.fail("Left over errors in OpenSSL error queue: " + repr(e))
145+
146
147 def failUnlessIdentical(self, first, second, msg=None):
148 """

Subscribers

People subscribed via source and target branches

to status/vote changes: