fix a memory leak and a potential UAF and also #722 (#723)

* fix a memory leak and a potential UAF and also #722 * sanity check * bump cryptography minimum version, add changelog
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2017-11-30 20:55:25 +0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2017-11-30 07:55:25 -0500
commit: e73818600065821d588af475b024f4eb518c3509 (patch)
tree: 8133b415490c43308be803927c0c51515b46af89 /src/OpenSSL/SSL.py
parent: f724786613f90eb6e6ea26f4dbe17a1cda238d1e (diff)
download: pyopenssl-e73818600065821d588af475b024f4eb518c3509.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 32c038a..ec33814 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -309,8 +309,9 @@ class _VerifyHelper(_CallbackExceptionHelper):
 
         @wraps(callback)
         def wrapper(ok, store_ctx):
-            cert = X509.__new__(X509)
-            cert._x509 = _lib.X509_STORE_CTX_get_current_cert(store_ctx)
+            x509 = _lib.X509_STORE_CTX_get_current_cert(store_ctx)
+            _lib.X509_up_ref(x509)
+            cert = X509._from_raw_x509_ptr(x509)
             error_number = _lib.X509_STORE_CTX_get_error(store_ctx)
             error_depth = _lib.X509_STORE_CTX_get_error_depth(store_ctx)
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2017-11-30 20:55:25 +0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2017-11-30 07:55:25 -0500
commit	e73818600065821d588af475b024f4eb518c3509 (patch)
tree	8133b415490c43308be803927c0c51515b46af89 /src/OpenSSL/SSL.py
parent	f724786613f90eb6e6ea26f4dbe17a1cda238d1e (diff)
download	pyopenssl-e73818600065821d588af475b024f4eb518c3509.tar.gz