bpo-43789: OpenSSL 3.0.0 Don't call passwd callback again in error case (GH-25303)

author Christian Heimes <christian@python.org>

Fri, 9 Apr 2021 13:23:38 +0000 (15:23 +0200)

committer GitHub <noreply@github.com>

Fri, 9 Apr 2021 13:23:38 +0000 (15:23 +0200)
author Christian Heimes <christian@python.org>
Fri, 9 Apr 2021 13:23:38 +0000 (15:23 +0200)
committer GitHub <noreply@github.com>
Fri, 9 Apr 2021 13:23:38 +0000 (15:23 +0200)
diff --git a/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst b/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst

new file mode 100644 (file)

index 0000000..1c08529
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst
@@ -0,0 +1,2 @@
+OpenSSL 3.0.0: Don't call the password callback function a second time when
+first call has signaled an error condition.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c

index f3c3b20fe1ff1e57ee45f147197fb96a0ca26e83..94b06dd4b79e703fd93da60a334dacd3bf16a1e9 100644 (file)
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3926,6 +3926,13 @@ _password_callback(char *buf, int size, int rwflag, void *userdata)
  
      PySSL_END_ALLOW_THREADS_S(pw_info->thread_state);
  
+    if (pw_info->error) {
+        /* already failed previously. OpenSSL 3.0.0-alpha14 invokes the
+         * callback multiple times which can lead to fatal Python error in
+         * exception check. */
+        goto error;
+    }
+
      if (pw_info->callable) {
          fn_ret = _PyObject_CallNoArg(pw_info->callable);
          if (!fn_ret) {
author	Christian Heimes <christian@python.org>
	Fri, 9 Apr 2021 13:23:38 +0000 (15:23 +0200)
committer	GitHub <noreply@github.com>
	Fri, 9 Apr 2021 13:23:38 +0000 (15:23 +0200)
Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst	[new file with mode: 0644]	patch \| blob
Modules/_ssl.c		patch \| blob \| blame \| history