- 
          
- 
                Notifications
    You must be signed in to change notification settings 
- Fork 33.2k
Closed
Labels
extension-modulesC modules in the Modules dirC modules in the Modules dirtopic-SSLtype-bugAn unexpected behavior, bug, or errorAn unexpected behavior, bug, or error
Description
Bug report
sslmodule_init_constants does not return -1 when any of PyModule_Add* calls fail.
For example, PyModule_AddIntConstant returns -1 on error, but it is never checked:
Lines 5790 to 5831 in 96cbd1e
| PyModule_AddStringConstant(m, "_DEFAULT_CIPHERS", | |
| PY_SSL_DEFAULT_CIPHER_STRING); | |
| PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN", | |
| PY_SSL_ERROR_ZERO_RETURN); | |
| PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ", | |
| PY_SSL_ERROR_WANT_READ); | |
| PyModule_AddIntConstant(m, "SSL_ERROR_WANT_WRITE", | |
| PY_SSL_ERROR_WANT_WRITE); | |
| PyModule_AddIntConstant(m, "SSL_ERROR_WANT_X509_LOOKUP", | |
| PY_SSL_ERROR_WANT_X509_LOOKUP); | |
| PyModule_AddIntConstant(m, "SSL_ERROR_SYSCALL", | |
| PY_SSL_ERROR_SYSCALL); | |
| PyModule_AddIntConstant(m, "SSL_ERROR_SSL", | |
| PY_SSL_ERROR_SSL); | |
| PyModule_AddIntConstant(m, "SSL_ERROR_WANT_CONNECT", | |
| PY_SSL_ERROR_WANT_CONNECT); | |
| /* non ssl.h errorcodes */ | |
| PyModule_AddIntConstant(m, "SSL_ERROR_EOF", | |
| PY_SSL_ERROR_EOF); | |
| PyModule_AddIntConstant(m, "SSL_ERROR_INVALID_ERROR_CODE", | |
| PY_SSL_ERROR_INVALID_ERROR_CODE); | |
| /* cert requirements */ | |
| PyModule_AddIntConstant(m, "CERT_NONE", | |
| PY_SSL_CERT_NONE); | |
| PyModule_AddIntConstant(m, "CERT_OPTIONAL", | |
| PY_SSL_CERT_OPTIONAL); | |
| PyModule_AddIntConstant(m, "CERT_REQUIRED", | |
| PY_SSL_CERT_REQUIRED); | |
| /* CRL verification for verification_flags */ | |
| PyModule_AddIntConstant(m, "VERIFY_DEFAULT", | |
| 0); | |
| PyModule_AddIntConstant(m, "VERIFY_CRL_CHECK_LEAF", | |
| X509_V_FLAG_CRL_CHECK); | |
| PyModule_AddIntConstant(m, "VERIFY_CRL_CHECK_CHAIN", | |
| X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); | |
| PyModule_AddIntConstant(m, "VERIFY_X509_STRICT", | |
| X509_V_FLAG_X509_STRICT); | |
| PyModule_AddIntConstant(m, "VERIFY_ALLOW_PROXY_CERTS", | |
| X509_V_FLAG_ALLOW_PROXY_CERTS); | |
| PyModule_AddIntConstant(m, "VERIFY_X509_TRUSTED_FIRST", | |
| X509_V_FLAG_TRUSTED_FIRST); | 
Other ``sslmodule_init_*` functions do check for errors correctly.
I have a PR ready.
Linked PRs
Metadata
Metadata
Assignees
Labels
extension-modulesC modules in the Modules dirC modules in the Modules dirtopic-SSLtype-bugAn unexpected behavior, bug, or errorAn unexpected behavior, bug, or error