python/mysqlclient
1
0
Fork 0
mirror of https://github.com/PyMySQL/mysqlclient.git synced 2025-08-14 18:12:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #85 from methane/fix/ssl-dangling-pointer

Browse Source 
Fix accessing buffer of decrefed string
This commit is contained in:
INADA Naoki
2016-05-12 10:28:53 +09:00
parent 9657ee06d5 012e91a03a
commit 42c2b22f21
1 changed files with 20 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
_mysql.c
View File

@ -530,10 +530,12 @@ _mysql_ConnectionObject_Initialize(
PyObject *ssl = NULL; PyObject *ssl = NULL;
#if HAVE_OPENSSL #if HAVE_OPENSSL
char *key = NULL, *cert = NULL, *ca = NULL, char *key = NULL, *cert = NULL, *ca = NULL,
*capath = NULL, *cipher = NULL; *capath = NULL, *cipher = NULL;
PyObject *ssl_keepref[5] = {};
int n_ssl_keepref = 0;
#endif #endif
char *host = NULL, *user = NULL, *passwd = NULL, char *host = NULL, *user = NULL, *passwd = NULL,
*db = NULL, *unix_socket = NULL; *db = NULL, *unix_socket = NULL;
unsigned int port = 0; unsigned int port = 0;
unsigned int client_flag = 0; unsigned int client_flag = 0;
static char *kwlist[] = { "host", "user", "passwd", "db", "port", static char *kwlist[] = { "host", "user", "passwd", "db", "port",
@ -586,11 +588,11 @@ _mysql_ConnectionObject_Initialize(
#ifdef IS_PY3K #ifdef IS_PY3K
#define _stringsuck(d,t,s) {t=PyMapping_GetItemString(s,#d);\ #define _stringsuck(d,t,s) {t=PyMapping_GetItemString(s,#d);\
if(t){d=PyUnicode_AsUTF8(t);Py_DECREF(t);}\ if(t){d=PyUnicode_AsUTF8(t);ssl_keepref[n_ssl_keepref++]=t;}\
PyErr_Clear();} PyErr_Clear();}
#else #else
#define _stringsuck(d,t,s) {t=PyMapping_GetItemString(s,#d);\ #define _stringsuck(d,t,s) {t=PyMapping_GetItemString(s,#d);\
if(t){d=PyString_AsString(t);Py_DECREF(t);}\ if(t){d=PyString_AsString(t);ssl_keepref[n_ssl_keepref++]=t;}\
PyErr_Clear();} PyErr_Clear();}
#endif #endif
@ -645,9 +647,9 @@ _mysql_ConnectionObject_Initialize(
mysql_options(&(self->connection), MYSQL_OPT_LOCAL_INFILE, (char *) &local_infile); mysql_options(&(self->connection), MYSQL_OPT_LOCAL_INFILE, (char *) &local_infile);
#if HAVE_OPENSSL #if HAVE_OPENSSL
if (ssl) if (ssl) {
mysql_ssl_set(&(self->connection), mysql_ssl_set(&(self->connection), key, cert, ca, capath, cipher);
key, cert, ca, capath, cipher); }
#endif #endif
conn = mysql_real_connect(&(self->connection), host, user, passwd, db, conn = mysql_real_connect(&(self->connection), host, user, passwd, db,
@ -655,12 +657,22 @@ _mysql_ConnectionObject_Initialize(
Py_END_ALLOW_THREADS ; Py_END_ALLOW_THREADS ;
#if HAVE_OPENSSL
if (ssl) {
int i;
for (i=0; i<n_ssl_keepref; i++) {
Py_DECREF(ssl_keepref[i]);
ssl_keepref[i] = NULL;
}
}
#endif
if (!conn) { if (!conn) {
_mysql_Exception(self); _mysql_Exception(self);
return -1; return -1;
} }
/* Internal references to python-land objects */ /* Internal references to python-land objects */
if (!conv) if (!conv)
conv = PyDict_New(); conv = PyDict_New();
else else