[Python-checkins] bpo-43789: OpenSSL 3.0.0 Don't call passwd callback again in error case (GH-25303)
tiran
webhook-mailer at python.org
Fri Apr 9 09:23:47 EDT 2021
https://github.com/python/cpython/commit/d3b73f32ef7c693a6ae8c54eb0e62df3b5315caf
commit: d3b73f32ef7c693a6ae8c54eb0e62df3b5315caf
branch: master
author: Christian Heimes <christian at python.org>
committer: tiran <christian at python.org>
date: 2021-04-09T15:23:38+02:00
summary:
bpo-43789: OpenSSL 3.0.0 Don't call passwd callback again in error case (GH-25303)
files:
A Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst
M Modules/_ssl.c
diff --git a/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst b/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst
new file mode 100644
index 0000000000000..1c0852946214d
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst
@@ -0,0 +1,2 @@
+OpenSSL 3.0.0: Don't call the password callback function a second time when
+first call has signaled an error condition.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index f3c3b20fe1ff1..94b06dd4b79e7 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3926,6 +3926,13 @@ _password_callback(char *buf, int size, int rwflag, void *userdata)
PySSL_END_ALLOW_THREADS_S(pw_info->thread_state);
+ if (pw_info->error) {
+ /* already failed previously. OpenSSL 3.0.0-alpha14 invokes the
+ * callback multiple times which can lead to fatal Python error in
+ * exception check. */
+ goto error;
+ }
+
if (pw_info->callable) {
fn_ret = _PyObject_CallNoArg(pw_info->callable);
if (!fn_ret) {
More information about the Python-checkins
mailing list