diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-11-30 20:55:25 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-11-30 07:55:25 -0500 |
commit | e73818600065821d588af475b024f4eb518c3509 (patch) | |
tree | 8133b415490c43308be803927c0c51515b46af89 /src/OpenSSL/SSL.py | |
parent | f724786613f90eb6e6ea26f4dbe17a1cda238d1e (diff) | |
download | pyopenssl-e73818600065821d588af475b024f4eb518c3509.tar.gz |
fix a memory leak and a potential UAF and also #722 (#723)
* fix a memory leak and a potential UAF and also #722
* sanity check
* bump cryptography minimum version, add changelog
Diffstat (limited to 'src/OpenSSL/SSL.py')
-rw-r--r-- | src/OpenSSL/SSL.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py index 32c038a..ec33814 100644 --- a/src/OpenSSL/SSL.py +++ b/src/OpenSSL/SSL.py @@ -309,8 +309,9 @@ class _VerifyHelper(_CallbackExceptionHelper): @wraps(callback) def wrapper(ok, store_ctx): - cert = X509.__new__(X509) - cert._x509 = _lib.X509_STORE_CTX_get_current_cert(store_ctx) + x509 = _lib.X509_STORE_CTX_get_current_cert(store_ctx) + _lib.X509_up_ref(x509) + cert = X509._from_raw_x509_ptr(x509) error_number = _lib.X509_STORE_CTX_get_error(store_ctx) error_depth = _lib.X509_STORE_CTX_get_error_depth(store_ctx) |