This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Leak in "_hashlib.new()" if argument is not a string
Type: resource usage Stage: resolved
Components: Library (Lib) Versions: Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: amaury.forgeotdarc Nosy List: amaury.forgeotdarc, jcea, mfoetsch, pitrou, python-dev
Priority: normal Keywords: patch

Created on 2012-06-28 16:45 by mfoetsch, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
hashlib-leak.patch amaury.forgeotdarc, 2012-06-28 17:39 review
Messages (8)
msg164274 - (view) Author: Michael Fötsch (mfoetsch) * Date: 2012-06-28 16:45 
If the "name" argument to "_hashlib.new()" is not a string, the reference count for the "string" argument is not decremented.

In the file "Modules/_hashopenssl.c", function "EVP_new()", a call to "PyBuffer_Release()" is missing:

  if (!PyArg_Parse(name_obj, "s", &name)) {
+     PyBuffer_Release(&view);
      PyErr_SetString(PyExc_TypeError, "name must be a string");
      return NULL;
  }
msg164276 - (view) Author: Michael Fötsch (mfoetsch) * Date: 2012-06-28 16:48 
The change is against the 2.7 branch. The 3.2 branch is not affected.
msg164277 - (view) Author: Jesús Cea Avión (jcea) * (Python committer) Date: 2012-06-28 17:00 
Could you possibly provide a testcase?.
msg164284 - (view) Author: Amaury Forgeot d'Arc (amaury.forgeotdarc) * (Python committer) Date: 2012-06-28 17:39 
Here is a test, which fails when I run regrtest with leak detection:
    ./python -m test.regrtest -R:: test_hashlib
msg164299 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2012-06-28 23:14 
Looks good to me.
msg164300 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2012-06-28 23:45 
New changeset 49dee01d72f9 by Amaury Forgeot d'Arc in branch '2.7':
Issue #15219: Fix a reference leak when hashlib.new() is called with
http://hg.python.org/cpython/rev/49dee01d72f9
msg164302 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2012-06-28 23:53 
New changeset c974c99acdf5 by Amaury Forgeot d'Arc in branch 'default':
Port tests from Issue #15219, and verify we don't have a reference leak.
http://hg.python.org/cpython/rev/c974c99acdf5
msg164303 - (view) Author: Amaury Forgeot d'Arc (amaury.forgeotdarc) * (Python committer) Date: 2012-06-28 23:54 
Fixed in 2.7, and ported test to 3.3.
Thanks for the report and the fix!
History
Date User Action Args
2022-04-11 14:57:32adminsetgithub: 59424
2012-06-28 23:54:30amaury.forgeotdarcsetstatus: open -> closed
resolution: fixed
messages: + msg164303

stage: commit review -> resolved
2012-06-28 23:53:43python-devsetmessages: + msg164302
2012-06-28 23:45:55python-devsetnosy: + python-dev
messages: + msg164300
2012-06-28 23:14:23pitrousetnosy: + pitrou
messages: + msg164299

assignee: amaury.forgeotdarc
stage: commit review
2012-06-28 17:39:38amaury.forgeotdarcsetfiles: + hashlib-leak.patch

nosy: + amaury.forgeotdarc
messages: + msg164284

keywords: + patch
2012-06-28 17:00:10jceasetnosy: + jcea
messages: + msg164277
2012-06-28 16:48:39mfoetschsetmessages: + msg164276
2012-06-28 16:45:53mfoetschcreate