Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue35746
(cherry picked from commit a37f52436f)
Co-authored-by: Christian Heimes <christian@python.org>
Previously, calling the strftime() method on a datetime object with a
trailing '%' in the format string would result in an exception. However,
this only occured when the datetime C module was being used; the python
implementation did not match this behavior. Datetime is now PEP-399
compliant, and will not throw an exception on a trailing '%'.
(cherry picked from commit 454b3d4ea2)
Co-authored-by: MichaelSaah <mike.saah@gmail.com>
Fix memory leaks in asyncio ProactorEventLoop on overlapped operation
failures.
Changes:
* Implement the tp_traverse slot in the _overlapped.Overlapped type
to help to break reference cycles and identify referrers in the
garbage collector.
* Always clear overlapped on failure: not only set type to
TYPE_NOT_STARTED, but release also resources.
(cherry picked from commit 5485085b32)
Co-authored-by: Victor Stinner <vstinner@redhat.com>
Fix a memory leak in asyncio in the ProactorEventLoop when ReadFile()
or WSASend() overlapped operation fail immediately: release the
internal buffer.
(cherry picked from commit a234e14839)
Co-authored-by: Victor Stinner <vstinner@redhat.com>
It doesn't know the details of a few less common libc functions..
(cherry picked from commit 1d300ce1d8)
Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google]
Use crypt_r() when available instead of crypt() in the crypt module.
As a nice side effect: This also avoids a memory sanitizer flake as clang msan doesn't know about crypt's internal libc allocated buffer.
(cherry picked from commit 387512c7ec)
Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google]
Add Clang Memory Sanitizer build instrumentation to work around
false positives from the socket and time modules as well as skipping
a couple test_faulthandler tests.
(cherry picked from commit b474e6774d)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
"dll" would leak if an error occurred in _validate_paramflags() or
GenericPyCData_new().
(cherry picked from commit d77d97c9a1)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
* bpo-35454: Fix miscellaneous minor issues in error handling.
* Fix a null pointer dereference.
(cherry picked from commit 8905fcc85a)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Include <pyconfig.h> ealier in Modules/expat/xmltok.c to define
properly _POSIX_C_SOURCE. Python defines _POSIX_C_SOURCE as 200809L,
whereas <features.h> (included indirectly by <string.h>) defines
_POSIX_C_SOURCE as 199506L.
(cherry picked from commit cf247359d5)
Co-authored-by: Victor Stinner <vstinner@redhat.com>
The length check for AF_ALG salg_name and salg_type had a off-by-one
error. The code assumed that both values are not necessarily NULL
terminated. However the Kernel code for alg_bind() ensures that the last
byte of both strings are NULL terminated.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 2eb6ad8578)
In _localemodule.c and selectmodule.c, remove dead code that would
cause double decrefs if run.
In addition, replace PyList_SetItem() with PyList_SET_ITEM() in cases
where a new list is populated and there is no possibility of an error.
In addition, check if the list changed size in the loop in array_array_fromlist().
(cherry picked from commit 99d56b5356)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
select() calls are retried on EINTR (per PEP 475). However, if a
timeout was provided and the deadline has passed after running the
signal handlers, rlist, wlist and xlist should be cleared since select(2)
left them unmodified.
(cherry picked from commit 7f52415a6d)
Co-authored-by: Oran Avraham <252748+oranav@users.noreply.github.com>
* bpo-35373: Fix PyInit_timezone() error handling
PyInit_timezone() now returns -1 at exit if an exception is raised.
Check also explicitly PyUnicode_DecodeLocale() and Py_BuildValue()
errors.
* bpo-35373: Fix PyInit_time() error handling (GH-10865)
* PyInit_time() now returns NULL if an exception is raised.
* Rename PyInit_timezone() to init_timezone(). "PyInit_" prefix is
a special prefix for function initializing a module.
init_timezone() doesn't initialize a module and the function is not
exported.
(cherry picked from commit 3bb150d814)
get_gmtoff() now returns time_t instead of int to fix the following
Visual Studio warning:
Modules\timemodule.c(1183): warning C4244: 'return':
conversion from 'time_t' to 'int', possible loss of data
(cherry picked from commit 503ce5c482)
Fix also return type for few other functions (clear, releasebuffer).
(cherry picked from commit d4f9cf5545)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* bpo-35189: Fix eintr_tester.py (GH-10637)
Call setitimer() before each test method, instead of once per test
case, to ensure that signals are sent in each test method.
Previously, only the first method of a testcase class got signals.
Changes:
* Replace setUpClass() with setUp() and replace tearDownClass() with
tearDown().
* tearDown() now ensures that at least one signal has been sent.
* Replace support.run_unittest() with unittest.main() which has
a nicer CLI and automatically discover test cases.
(cherry picked from commit aac1f81eef)
* bpo-35189: Retry fnctl calls on EINTR (GH-10413)
Modify the following fnctl function to retry if interrupted by a signal
(EINTR): flock, lockf, fnctl.
(cherry picked from commit b409ffa848)
Co-Authored-By: nierob <nierob@users.noreply.github.com>
os_read_impl() now also truncates the size to _PY_READ_MAX
on macOS, to avoid to allocate a larger buffer even if _Py_read() is
limited to _PY_READ_MAX bytes (ex: INT_MAX on macOS).
(cherry picked from commit 9a0d7a7648)
Co-authored-by: Victor Stinner <vstinner@redhat.com>
locale.localeconv() now sets temporarily the LC_CTYPE locale to the
LC_MONETARY locale if the two locales are different and monetary
strings are non-ASCII. This temporary change affects other threads.
Changes:
* locale.localeconv() can now set LC_CTYPE to LC_MONETARY to decode
monetary fields.
* Add LocaleInfo.grouping_buffer: copy localeconv() grouping string
since it can be replaced anytime if a different thread calls
localeconv().
(cherry picked from commit 02e6bf7f20)
Fixes assertion failures in _datetimemodule.c
introduced in the previous fix (see bpo-31752).
Rather of trying to handle an int subclass as exact int,
let it to use overridden special methods, but check the
result of divmod().
(cherry picked from commit 3ec0f49516)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
test_embed.InitConfigTests tests more configuration variables.
Changes:
* InitConfigTests tests more core configuration variables:
* base_exec_prefix
* base_prefix
* exec_prefix
* home
* module_search_path_env
* prefix
* "_testembed init_from_config" tests more variables:
* argv
* warnoptions
* xoptions
* Py_HasFileSystemDefaultEncoding value is no longer tested since it
depends on the LC_CTYPE locale and the platform.
* InitConfigTests: add check_global_config(), check_core_config() and
check_main_config() subfunctions to cleanup the code. Move also
constants at the class level (ex: COPY_MAIN_CONFIG).
* Use more macros in _PyCoreConfig_AsDict() and
_PyMainInterpreterConfig_AsDict() to reduce code duplication.
* Other minor cleanups.
(cherry picked from commit 01de89cb59)
* Add C functions:
* _Py_GetGlobalVariablesAsDict()
* _PyCoreConfig_AsDict()
* _PyMainInterpreterConfig_AsDict()
* Add new _testcapi methods:
* get_global_config()
* get_core_config()
* get_main_config()
* test.pythoninfo: get global, core and main configuration
* _testembed now serializes global, core and main configurations
using JSON to reuse _Py_GetGlobalVariablesAsDict(),
_PyCoreConfig_AsDict() and _PyMainInterpreterConfig_AsDict(),
rather than duplicating code.
* test_embed.InitConfigTests now test much more configuration
variables
If tracemalloc is not tracing Python memory allocations,
_PyMem_DumpTraceback() now suggests to enable tracemalloc
to get the traceback where the memory block has been allocated.
Rename our new MEMORY_SANITIZER define to _Py_MEMORY_SANITIZER.
Project based C Preprocessor namespacing at its finest. :P
(cherry picked from commit 3015fb8ce4)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Adds configure flags for msan and ubsan builds to make it easier to enable.
These also encode the detail that address sanitizer and memory sanitizer
should disable pymalloc.
Define MEMORY_SANITIZER when appropriate at build time and adds workarounds
to existing code to mark things as initialized where the sanitizer is otherwise unable to
determine that. This lets our build succeed under the memory sanitizer. not all tests
pass without sanitizer failures yet but we're in pretty good shape after this.
(cherry picked from commit 1584a00815)
Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google LLC]
This typo doesn't affect the result because wrong bits are discarded
on implicit conversion to unsigned char, but it trips UBSan
with -fsanitize=implicit-integer-truncation.
https://bugs.python.org/issue35194
(cherry picked from commit 7a69cf47a9)
Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
