mirrors/cpython
0
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2024-11-23 09:54:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

GH-103092: isolate _ssl (#104725)

Browse Source
This commit is contained in:
Kumar Aditya 2023-05-22 06:14:48 +05:30 committed by GitHub
parent 8817886ae5
commit b9c807a260
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Modules/_ssl.c
View File

@ -6150,6 +6150,18 @@ sslmodule_init_strings(PyObject *module)
return 0; return 0;
} }
static int
sslmodule_init_lock(PyObject *module)
{
_sslmodulestate *state = get_ssl_state(module);
state->keylog_lock = PyThread_allocate_lock();
if (state->keylog_lock == NULL) {
PyErr_NoMemory();
return -1;
}
return 0;
}
static PyModuleDef_Slot sslmodule_slots[] = { static PyModuleDef_Slot sslmodule_slots[] = {
{Py_mod_exec, sslmodule_init_types}, {Py_mod_exec, sslmodule_init_types},
{Py_mod_exec, sslmodule_init_exceptions}, {Py_mod_exec, sslmodule_init_exceptions},
@ -6158,9 +6170,8 @@ static PyModuleDef_Slot sslmodule_slots[] = {
{Py_mod_exec, sslmodule_init_constants}, {Py_mod_exec, sslmodule_init_constants},
{Py_mod_exec, sslmodule_init_versioninfo}, {Py_mod_exec, sslmodule_init_versioninfo},
{Py_mod_exec, sslmodule_init_strings}, {Py_mod_exec, sslmodule_init_strings},
// XXX gh-103092: fix isolation. {Py_mod_exec, sslmodule_init_lock},
{Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED}, {Py_mod_multiple_interpreters, Py_MOD_PER_INTERPRETER_GIL_SUPPORTED},
//{Py_mod_multiple_interpreters, Py_MOD_PER_INTERPRETER_GIL_SUPPORTED},
{0, NULL} {0, NULL}
}; };
@ -6219,6 +6230,8 @@ static void
sslmodule_free(void *m) sslmodule_free(void *m)
{ {
sslmodule_clear((PyObject *)m); sslmodule_clear((PyObject *)m);
_sslmodulestate *state = get_ssl_state(m);
PyThread_free_lock(state->keylog_lock);
} }
static struct PyModuleDef _sslmodule_def = { static struct PyModuleDef _sslmodule_def = {

2
Modules/_ssl.h
View File

@ -33,6 +33,8 @@ typedef struct {
PyObject *str_reason; PyObject *str_reason;
PyObject *str_verify_code; PyObject *str_verify_code;
PyObject *str_verify_message; PyObject *str_verify_message;
/* keylog lock */
PyThread_type_lock keylog_lock;
} _sslmodulestate; } _sslmodulestate;
static struct PyModuleDef _sslmodule_def; static struct PyModuleDef _sslmodule_def;

14
Modules/_ssl/debughelpers.c
View File

@ -118,30 +118,22 @@ _PySSL_keylog_callback(const SSL *ssl, const char *line)
PyGILState_STATE threadstate; PyGILState_STATE threadstate;
PySSLSocket *ssl_obj = NULL; /* ssl._SSLSocket, borrowed ref */ PySSLSocket *ssl_obj = NULL; /* ssl._SSLSocket, borrowed ref */
int res, e; int res, e;
static PyThread_type_lock *lock = NULL;
threadstate = PyGILState_Ensure(); threadstate = PyGILState_Ensure();
ssl_obj = (PySSLSocket *)SSL_get_app_data(ssl); ssl_obj = (PySSLSocket *)SSL_get_app_data(ssl);
assert(Py_IS_TYPE(ssl_obj, get_state_sock(ssl_obj)->PySSLSocket_Type)); assert(Py_IS_TYPE(ssl_obj, get_state_sock(ssl_obj)->PySSLSocket_Type));
PyThread_type_lock lock = get_state_sock(ssl_obj)->keylog_lock;
assert(lock != NULL);
if (ssl_obj->ctx->keylog_bio == NULL) { if (ssl_obj->ctx->keylog_bio == NULL) {
return; return;
} }
/*
/* Allocate a static lock to synchronize writes to keylog file.
* The lock is neither released on exit nor on fork(). The lock is * The lock is neither released on exit nor on fork(). The lock is
* also shared between all SSLContexts although contexts may write to * also shared between all SSLContexts although contexts may write to
* their own files. IMHO that's good enough for a non-performance * their own files. IMHO that's good enough for a non-performance
* critical debug helper. * critical debug helper.
*/ */
if (lock == NULL) {
lock = PyThread_allocate_lock();
if (lock == NULL) {
PyErr_SetString(PyExc_MemoryError, "Unable to allocate lock");
ssl_obj->exc = PyErr_GetRaisedException();
return;
}
}
PySSL_BEGIN_ALLOW_THREADS PySSL_BEGIN_ALLOW_THREADS
PyThread_acquire_lock(lock, 1); PyThread_acquire_lock(lock, 1);