authorAlex Gaynor <alex.gaynor@gmail.com>2018-08-31 09:04:25 -0400
committerPaul Kehrer <paul.l.kehrer@gmail.com>2018-08-31 09:04:25 -0400
commit9a53a4b9aadb4522d9354d722c3dbdfcb5bbf0bc (patch)
tree58029a6ecb593c47f32d9e44c4436888918561ea /src
parent6511f88140da1e948cdaa63a4f8d0fef21003b34 (diff)
Fixed two memory leaks in x509 csr extensions (#4434)
* Fixed a memory leak in x.509 OCSP no check * Fix the _actual_ leak * Speed up symbolizations * Disable backtrace by default, because it doesn't work on Windows * line length
Diffstat (limited to 'src')
-rw-r--r--src/_cffi_src/openssl/x509.py3
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py11
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py8
3 files changed, 19 insertions, 3 deletions
diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index 59fdbf7e..3f2ac90d 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -76,6 +76,8 @@ static const int XN_FLAG_FN_ALIGN;
static const int XN_FLAG_RFC2253;
static const int XN_FLAG_ONELINE;
static const int XN_FLAG_MULTILINE;
+
+typedef void (*sk_X509_EXTENSION_freefunc)(X509_EXTENSION *);
"""
FUNCTIONS = """
@@ -282,6 +284,7 @@ int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *);
int sk_X509_EXTENSION_insert(X509_EXTENSIONS *, X509_EXTENSION *, int);
X509_EXTENSION *sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int);
void sk_X509_EXTENSION_free(X509_EXTENSIONS *);
+void sk_X509_EXTENSION_pop_free(X509_EXTENSIONS *, sk_X509_EXTENSION_freefunc);
int sk_X509_REVOKED_num(Cryptography_STACK_OF_X509_REVOKED *);
X509_REVOKED *sk_X509_REVOKED_value(Cryptography_STACK_OF_X509_REVOKED *, int);
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index bdf8f370..cfd7c89f 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -707,10 +707,15 @@ class Backend(object):
sk_extension = self._lib.sk_X509_EXTENSION_new_null()
self.openssl_assert(sk_extension != self._ffi.NULL)
sk_extension = self._ffi.gc(
- sk_extension, self._lib.sk_X509_EXTENSION_free
+ sk_extension,
+ lambda x: self._lib.sk_X509_EXTENSION_pop_free(
+ x, self._ffi.addressof(
+ self._lib._original_lib, "X509_EXTENSION_free"
+ )
+ )
)
- # gc is not necessary for CSRs, as sk_X509_EXTENSION_free
- # will release all the X509_EXTENSIONs.
+ # Don't GC individual extensions because the memory is owned by
+ # sk_extensions and will be freed along with it.
self._create_x509_extensions(
extensions=builder._extensions,
handlers=_EXTENSION_ENCODE_HANDLERS,
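Review bot: The destructor lambda passed to `ffi.gc` for `sk_extension` is repeated verbatim in `_CertificateSigningRequest.extensions` in x509.py in this same commit. One small backend helper that both call sites pass to `ffi.gc` would keep the two free paths from drifting apart, where a mismatch would mean a leak or a double free. The new comment also names `sk_extensions` while the variable is `sk_extension`; I would write `# Individual extensions are owned by sk_extension; pop_free releases them.` That ownership claim holds only if every extension built by `_create_x509_extensions` is actually pushed onto the stack, including on its error path, which this hunk does not show and is worth confirming. The enclosing method starts and ends outside the hunk.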
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index b870eeb7..a7a2c70d 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -429,6 +429,14 @@ class _CertificateSigningRequest(object):
@utils.cached_property
def extensions(self):
x509_exts = self._backend._lib.X509_REQ_get_extensions(self._x509_req)
+ x509_exts = self._backend._ffi.gc(
+ x509_exts,
+ lambda x: self._backend._lib.sk_X509_EXTENSION_pop_free(
+ x, self._backend._ffi.addressof(
+ self._backend._lib._original_lib, "X509_EXTENSION_free"
+ )
+ )
+ )
return _CSR_EXTENSION_PARSER.parse(self._backend, x509_exts)
def public_bytes(self, encoding):
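Review bot: Once `x509_exts` is wrapped with `ffi.gc`, the stack and every extension in it are freed as soon as that cdata object becomes unreachable. So `_CSR_EXTENSION_PARSER.parse` must not return anything that still points into the stack without also keeping `x509_exts` alive. The parser is outside this hunk, so I cannot tell whether it copies everything out; if it does not, the cached `extensions` value could reference freed memory. A comment above the wrap would record the contract, for example `# X509_REQ_get_extensions returns a new stack owned by the caller; free it and its elements.` The reason `addressof` goes through the private `_lib._original_lib` attribute rather than `_lib` also deserves one line of explanation.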