Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gh-109534: fix reference leak when SSL handshake fails #114074

Merged
merged 2 commits into from
Feb 1, 2024
Merged

gh-109534: fix reference leak when SSL handshake fails #114074

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
17723a5
gh-109534: fix reference leak when SSL handshake fails
ordinary-jamie Jan 15, 2024
e77579d
Revert _on_handshake_complete changes and clear exception ref
ordinary-jamie Jan 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions Lib/asyncio/selector_events.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -235,6 +235,10 @@ async def _accept_connection2(
await waiter
except BaseException:
transport.close()
# gh-109534: When an exception is raised by the SSLProtocol object the
# exception set in this future can keep the protocol object alive and
# cause a reference cycle.
waiter = None
raise
# It's now up to the protocol to handle the connection.

Expand Down
18 changes: 7 additions & 11 deletions Lib/asyncio/sslproto.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -461,7 +461,7 @@ def eof_received(self):
logger.debug("%r received EOF", self)

if self._state == SSLProtocolState.DO_HANDSHAKE:
self._on_handshake_complete(ConnectionResetError)
self._on_handshake_complete(ConnectionResetError())
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @mjpieters; This fix caused the ssl-over-ssl test from GH-113214 (PR #113334) to fail and want to make sure I did not break anything on your end.

The test will raise ConnectionResetError (via SSLProtocol.eof_received) and normally this won't
be caught by the exception handler in SSLProtocol._fatal_error because it is of instance OSError. But because we no longer raise the exception in SSLProtocol._on_handshake_complete(exc), the exception object is never initialised and the isinstance doesn't work as intended. Changed SSLProtocol.eof_received to pass an exception object and not class to fix this.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not an expert in this area, but passing in an instance instead of the class looks fine by me. I did leave a comment on the removal of the try...except block however as this did more than just handle raise handshake_exc.


elif self._state == SSLProtocolState.WRAPPED:
self._set_state(SSLProtocolState.FLUSHING)
Expand Down Expand Up @@ -571,21 +571,17 @@ def _on_handshake_complete(self, handshake_exc):
self._handshake_timeout_handle = None

sslobj = self._sslobj
try:
if handshake_exc is None:
self._set_state(SSLProtocolState.WRAPPED)
else:
raise handshake_exc

if handshake_exc is None:
self._set_state(SSLProtocolState.WRAPPED)
peercert = sslobj.getpeercert()
except Exception as exc:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The exception handler here is intended to (also) catch exceptions raised by sslobj.getpeercert(). That is probably going to be an issue.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In other words: you can't avoid using a try...except block here. Is removing this really necessary to break the cycle?

Copy link
Contributor Author

@ordinary-jamie ordinary-jamie Jan 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah! This was my misunderstanding of the problem. It turns out that setting the original handshake_exc to None also fixed our problem -- which my understanding is that there are two separate instances of the exception, each with a traceback and only one was being handled.

try:
    if handshake_exc is None:
        self._set_state(SSLProtocolState.WRAPPED)
    else:
        raise handshake_exc

    peercert = sslobj.getpeercert()
except Exception as exc:
    handshake_exc = None    # <--- fixes the problem

else:
self._set_state(SSLProtocolState.UNWRAPPED)
if isinstance(exc, ssl.CertificateError):
if isinstance(handshake_exc, ssl.CertificateError):
msg = 'SSL handshake failed on verifying the certificate'
else:
msg = 'SSL handshake failed'
self._fatal_error(exc, msg)
self._wakeup_waiter(exc)
self._fatal_error(handshake_exc, msg)
self._wakeup_waiter(handshake_exc)
return

if self._loop.get_debug():
Expand Down
3 changes: 3 additions & 0 deletions Misc/NEWS.d/next/Library/2024-01-15-18-42-44.gh-issue-109534.wYaLMZ.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Fix a reference leak in
:class:`asyncio.selector_events.BaseSelectorEventLoop` when SSL handshakes
fail. Patch contributed by Jamie Phan.
Loading