Created on 2014-10-24 15:03 by mbasti, last changed 2022-04-11 14:58 by admin. This issue is now closed.
| Messages (5) | |||
|---|---|---|---|
| msg229924 - (view) | Author: mbasti (mbasti) | Date: 2014-10-24 15:03 | |
Hello,

I'm getting a null pointer dereference which leads to a segmentation fault. I have no stable reproducer, but don't hesitate to contact me.

Additional info is here: https://fedorahosted.org/freeipa/ticket/4649

python 2.7.8-4.1 (Fedora 21)

#0 0x00007f3c4a66dde4 in newPySSLObject (ciphers=0x7f3c4544eeb4 "DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2", cacerts_file=<optimized out>, proto_version=PY_SSL_VERSION_SSL23, certreq=<optimized out>, socket_type=<optimized out>, cert_file=0x0, key_file=0x0, Sock=0x7f3c3fbafc30) at /usr/src/debug/Python-2.7.8/Modules/_ssl.c:317
317 self->ctx->options &= ~(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
(gdb) p self->ctx
$1 = (SSL_CTX *) 0x0 |
|||
| msg229927 - (view) | Author: Alex Gaynor (alex) * (Python committer) | Date: 2014-10-24 15:08 | |
Are you able to test this against the 2.7 branch from hg? The ssl module received some significant attention for 2.7.9. |
|||
| msg229929 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2014-10-24 15:13 | |
> 317 self->ctx->options &= ~(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); I don't see this line in Python 2.7.8 vanilla: https://hg.python.org/cpython/file/ee879c0ffa11/Modules/_ssl.c It looks like Fedora patched the source code: http://pkgs.fedoraproject.org/cgit/python.git/tree/00195-enable-sslv23-in-ssl.patch I see an obvious bug in the Fedora patch: it dereferences self->ctx before checking if self->ctx is NULL. diff -up Python-2.7.8/Modules/_ssl.c.orig Python-2.7.8/Modules/_ssl.c --- Python-2.7.8/Modules/_ssl.c.orig 2014年07月17日 14:17:32.584362667 +0200 +++ Python-2.7.8/Modules/_ssl.c 2014年07月17日 14:17:38.215405930 +0200 @@ -312,8 +312,10 @@ newPySSLObject(PySocketSockObject *Sock, else if (proto_version == PY_SSL_VERSION_SSL2) self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ #endif - else if (proto_version == PY_SSL_VERSION_SSL23) + else if (proto_version == PY_SSL_VERSION_SSL23) { self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ + self->ctx->options &= ~(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); + } PySSL_END_ALLOW_THREADS if (self->ctx == NULL) { |
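Review bot: In the new `PY_SSL_VERSION_SSL23` branch, `self->ctx->options &= ~(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` runs directly after `SSL_CTX_new(SSLv23_method())` and before the `if (self->ctx == NULL)` check that follows `PySSL_END_ALLOW_THREADS`, so a failed `SSL_CTX_new()` (which returns NULL) is dereferenced here instead of reaching the existing error path. Move the option change below the NULL check, or guard it with `if (self->ctx != NULL)`. Where the OpenSSL version provides it, `SSL_CTX_clear_options()` would also avoid writing to the `options` field directly. Separately, clearing `SSL_OP_NO_SSLv2` and `SSL_OP_NO_SSLv3` allows both legacy protocols on every SSLv23 context, and the hunk carries no comment saying why that is intended.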
|||
| msg229930 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2014-10-24 15:14 | |
Other Fedora patches on Python: https://apps.fedoraproject.org/packages/python/sources I see another *huge* patch on the ssl module, "ssl backport": http://pkgs.fedoraproject.org/cgit/python.git/tree/00196-ssl-backport.patch |
|||
| msg229932 - (view) | Author: mbasti (mbasti) | Date: 2014-10-24 15:21 | |
Thank you for your fast reply! So I will file a Fedora bug. Thanks again. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:09 | admin | set | github: 66906 |
| 2014-10-24 15:23:26 | r.david.murray | set | status: open -> closed resolution: third party stage: resolved |
| 2014-10-24 15:21:40 | mbasti | set | messages: + msg229932 |
| 2014-10-24 15:14:35 | vstinner | set | messages: + msg229930 |
| 2014-10-24 15:13:05 | vstinner | set | nosy: + vstinner messages: + msg229929 |
| 2014-10-24 15:08:17 | alex | set | nosy: + janssen, pitrou, giampaolo.rodola, christian.heimes, alex, dstufft messages: + msg229927 |
| 2014-10-24 15:03:05 | mbasti | create | |