fix memory leak in _get_crl_dp (closes #25569)

Patch started by Stéphane Wirtel.
author: Benjamin Peterson <benjamin@python.org> 2015-11-11 22:07:38 -0800
committer: Benjamin Peterson <benjamin@python.org> 2015-11-11 22:07:38 -0800
commit: 59d451d68fb738b7d9c45d72f7d4f64c4c708f09 (patch)
tree: e2d09d389a38375be545625bd22d2302acafaa94 /Modules/_ssl.c
parent: 77d61d4156d8cd79ba26d0fad4fb083844f94cc0 (diff)
download: cpython-git-59d451d68fb738b7d9c45d72f7d4f64c4c708f09.tar.gz
1 files changed, 24 insertions, 28 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 17e1b852fe..a327ae289c 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1015,25 +1015,23 @@ _get_aia_uri(X509 *certificate, int nid) {
 static PyObject *
 _get_crl_dp(X509 *certificate) {
     STACK_OF(DIST_POINT) *dps;
-    int i, j, result;
-    PyObject *lst;
+    int i, j;
+    PyObject *lst, *res = NULL;
 
 #if OPENSSL_VERSION_NUMBER < 0x10001000L
-    dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points,
-                           NULL, NULL);
+    dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
 #else
     /* Calls x509v3_cache_extensions and sets up crldp */
     X509_check_ca(certificate);
     dps = certificate->crldp;
 #endif
 
-    if (dps == NULL) {
+    if (dps == NULL)
         return Py_None;
-    }
 
-    if ((lst = PyList_New(0)) == NULL) {
-        return NULL;
-    }
+    lst = PyList_New(0);
+    if (lst == NULL)
+        goto done;
 
     for (i=0; i < sk_DIST_POINT_num(dps); i++) {
         DIST_POINT *dp;
@@ -1046,6 +1044,7 @@ _get_crl_dp(X509 *certificate) {
             GENERAL_NAME *gn;
             ASN1_IA5STRING *uri;
             PyObject *ouri;
+            int err;
 
             gn = sk_GENERAL_NAME_value(gns, j);
             if (gn->type != GEN_URI) {
@@ -1054,28 +1053,25 @@ _get_crl_dp(X509 *certificate) {
             uri = gn->d.uniformResourceIdentifier;
             ouri = PyUnicode_FromStringAndSize((char *)uri->data,
                                                uri->length);
-            if (ouri == NULL) {
-                Py_DECREF(lst);
-                return NULL;
-            }
-            result = PyList_Append(lst, ouri);
+            if (ouri == NULL)
+                goto done;
+
+            err = PyList_Append(lst, ouri);
             Py_DECREF(ouri);
-            if (result < 0) {
-                Py_DECREF(lst);
-                return NULL;
-            }
+            if (err < 0)
+                goto done;
         }
     }
-    /* convert to tuple or None */
-    if (PyList_Size(lst) == 0) {
-        Py_DECREF(lst);
-        return Py_None;
-    } else {
-        PyObject *tup;
-        tup = PyList_AsTuple(lst);
-        Py_DECREF(lst);
-        return tup;
-    }
+
+    /* Convert to tuple. */
+    res = (PyList_GET_SIZE(lst) > 0) ? PyList_AsTuple(lst) : Py_None;
+
+  done:
+    Py_XDECREF(lst);
+#if OPENSSL_VERSION_NUMBER < 0x10001000L
+    sk_DIST_POINT_free(dsp);
+#endif
+    return res;
 }
 
 static PyObject *
author	Benjamin Peterson <benjamin@python.org>	2015-11-11 22:07:38 -0800
committer	Benjamin Peterson <benjamin@python.org>	2015-11-11 22:07:38 -0800
commit	59d451d68fb738b7d9c45d72f7d4f64c4c708f09 (patch)
tree	e2d09d389a38375be545625bd22d2302acafaa94 /Modules/_ssl.c
parent	77d61d4156d8cd79ba26d0fad4fb083844f94cc0 (diff)
download	cpython-git-59d451d68fb738b7d9c45d72f7d4f64c4c708f09.tar.gz