From 585e8dda186dfc855e045923ab39b5772c2743fd Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 23 Dec 2015 18:59:23 -0600 Subject: fix a potential memory issue when retaining revoked certs from a CRL --- src/cryptography/hazmat/backends/openssl/x509.py | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 7e89ac67..12f5d46f 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -747,8 +747,16 @@ def _decode_cert_issuer(backend, ext): @utils.register_interface(x509.RevokedCertificate) class _RevokedCertificate(object): - def __init__(self, backend, x509_revoked): + def __init__(self, backend, crl, x509_revoked): self._backend = backend + # The X509_REVOKED_value is a X509_REVOKED * that has + # no reference counting. This means when X509_CRL_free is + # called then the CRL and all X509_REVOKED * are freed. Since + # you can retain a reference to a single revoked certificate + # and let the CRL fall out of scope we need to retain a + # private reference to the CRL inside the RevokedCertificate + # object to prevent the gc from being called inappropriately. + self._crl = crl self._x509_revoked = x509_revoked @property @@ -861,7 +869,10 @@ class _CertificateRevocationList(object): for i in range(num): r = self._backend._lib.sk_X509_REVOKED_value(revoked, i) self._backend.openssl_assert(r != self._backend._ffi.NULL) - revoked_list.append(_RevokedCertificate(self._backend, r)) + revoked_certificate = _RevokedCertificate( + self._backend, self, r + ) + revoked_list.append(revoked_certificate) return revoked_list -- cgit v1.2.3