mirror of
https://github.com/python/cpython.git
synced 2024-11-27 03:45:08 +08:00
GH-103092: isolate _ssl
(#104725)
This commit is contained in:
parent
8817886ae5
commit
b9c807a260
@ -6150,6 +6150,18 @@ sslmodule_init_strings(PyObject *module)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
sslmodule_init_lock(PyObject *module)
|
||||
{
|
||||
_sslmodulestate *state = get_ssl_state(module);
|
||||
state->keylog_lock = PyThread_allocate_lock();
|
||||
if (state->keylog_lock == NULL) {
|
||||
PyErr_NoMemory();
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static PyModuleDef_Slot sslmodule_slots[] = {
|
||||
{Py_mod_exec, sslmodule_init_types},
|
||||
{Py_mod_exec, sslmodule_init_exceptions},
|
||||
@ -6158,9 +6170,8 @@ static PyModuleDef_Slot sslmodule_slots[] = {
|
||||
{Py_mod_exec, sslmodule_init_constants},
|
||||
{Py_mod_exec, sslmodule_init_versioninfo},
|
||||
{Py_mod_exec, sslmodule_init_strings},
|
||||
// XXX gh-103092: fix isolation.
|
||||
{Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
|
||||
//{Py_mod_multiple_interpreters, Py_MOD_PER_INTERPRETER_GIL_SUPPORTED},
|
||||
{Py_mod_exec, sslmodule_init_lock},
|
||||
{Py_mod_multiple_interpreters, Py_MOD_PER_INTERPRETER_GIL_SUPPORTED},
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
@ -6219,6 +6230,8 @@ static void
|
||||
sslmodule_free(void *m)
|
||||
{
|
||||
sslmodule_clear((PyObject *)m);
|
||||
_sslmodulestate *state = get_ssl_state(m);
|
||||
PyThread_free_lock(state->keylog_lock);
|
||||
}
|
||||
|
||||
static struct PyModuleDef _sslmodule_def = {
|
||||
|
@ -33,6 +33,8 @@ typedef struct {
|
||||
PyObject *str_reason;
|
||||
PyObject *str_verify_code;
|
||||
PyObject *str_verify_message;
|
||||
/* keylog lock */
|
||||
PyThread_type_lock keylog_lock;
|
||||
} _sslmodulestate;
|
||||
|
||||
static struct PyModuleDef _sslmodule_def;
|
||||
|
@ -118,30 +118,22 @@ _PySSL_keylog_callback(const SSL *ssl, const char *line)
|
||||
PyGILState_STATE threadstate;
|
||||
PySSLSocket *ssl_obj = NULL; /* ssl._SSLSocket, borrowed ref */
|
||||
int res, e;
|
||||
static PyThread_type_lock *lock = NULL;
|
||||
|
||||
threadstate = PyGILState_Ensure();
|
||||
|
||||
ssl_obj = (PySSLSocket *)SSL_get_app_data(ssl);
|
||||
assert(Py_IS_TYPE(ssl_obj, get_state_sock(ssl_obj)->PySSLSocket_Type));
|
||||
PyThread_type_lock lock = get_state_sock(ssl_obj)->keylog_lock;
|
||||
assert(lock != NULL);
|
||||
if (ssl_obj->ctx->keylog_bio == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* Allocate a static lock to synchronize writes to keylog file.
|
||||
/*
|
||||
* The lock is neither released on exit nor on fork(). The lock is
|
||||
* also shared between all SSLContexts although contexts may write to
|
||||
* their own files. IMHO that's good enough for a non-performance
|
||||
* critical debug helper.
|
||||
*/
|
||||
if (lock == NULL) {
|
||||
lock = PyThread_allocate_lock();
|
||||
if (lock == NULL) {
|
||||
PyErr_SetString(PyExc_MemoryError, "Unable to allocate lock");
|
||||
ssl_obj->exc = PyErr_GetRaisedException();
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
PySSL_BEGIN_ALLOW_THREADS
|
||||
PyThread_acquire_lock(lock, 1);
|
||||
|
Loading…
Reference in New Issue
Block a user