Skip to content

Commit 54ba41e

Browse files
njsmithserhiy-storchaka
njsmith
authored and
serhiy-storchaka
committed
[3.5] bpo-30594: Fixed refcounting in newPySSLSocket (GH-1992) (#1993)
If pass a server_hostname= that fails IDNA decoding to SSLContext.wrap_socket or SSLContext.wrap_bio, then the SSLContext object had a spurious Py_DECREF called on it, eventually leading to segfaults. (cherry picked from commit 65ece7c)
1 parent e3a0ce2 commit 54ba41e

File tree

1 file changed

+1
-2
lines changed

1 file changed

+1
-2
lines changed

Modules/_ssl.c

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -570,6 +570,7 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock,
570570
self->ssl = NULL;
571571
self->Socket = NULL;
572572
self->ctx = sslctx;
573+
Py_INCREF(sslctx);
573574
self->shutdown_seen_zero = 0;
574575
self->handshake_done = 0;
575576
self->owner = NULL;
@@ -584,8 +585,6 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock,
584585
self->server_hostname = hostname;
585586
}
586587

587-
Py_INCREF(sslctx);
588-
589588
/* Make sure the SSL error state is initialized */
590589
(void) ERR_get_state();
591590
ERR_clear_error();

0 commit comments

Comments
 (0)