Skip to content

bpo-37702: Fix SSL's certificate-store leak on Windows #15632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 9, 2019
Merged

bpo-37702: Fix SSL's certificate-store leak on Windows #15632

merged 1 commit into from
Sep 9, 2019

Conversation

neonene
Copy link
Contributor

@neonene neonene commented Aug 31, 2019
edited
Loading

ssl_collect_certificates function in _ssl.c has a memory leak.
Calling CertOpenStore() and CertAddStoreToCollection(), a store's refcount gets incremented by 2.
But CertCloseStore() is called only once and the refcount leaves 1.

Even after this fix, CertEnumCertificatesInStore() can be called successfully.

Closing each store with CERT_CLOSE_STORE_CHECK_FLAG helped me to confirm the above.

https://bugs.python.org/issue37702

@neonene
bpo-37702: Fix SSL's certificate-store leak on Windows
3a329c3 
ssl_collect_certificates function in _ssl.c has a memory leak.
Calling CertOpenStore() and CertAddStoreToCollection(), a store's refcnt gets incremented by 2.
But CertCloseStore() is called only once and the refcnt leaves 1.
@neonene neonene requested a review from tiran as a code owner August 31, 2019 19:39
@neonene neonene mentioned this pull request Aug 31, 2019
Closed
@mangrisano
Copy link
Contributor

/cc @erikjanss @tiran @dstufft

@brandtbucher brandtbucher added needs backport to 3.7 OS-windows type-bug An unexpected behavior, bug, or error labels Sep 1, 2019
@zooba zooba merged commit ed70129 into python:master Sep 9, 2019
@miss-islington
Copy link
Contributor

Thanks @neonene for the PR, and @zooba for merging it 🌮🎉.. I'm working now to backport this PR to: 3.7, 3.8.
🐍🍒⛏🤖

@miss-islington
Copy link
Contributor

Sorry @neonene and @zooba, I had trouble checking out the 3.8 backport branch.
Please backport using cherry_picker on command line.
cherry_picker ed70129e15ea028469145111044a4349960a4e6f 3.8

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Sep 9, 2019
@neonene @miss-islington
bpo-37702: Fix SSL's certificate-store leak on Windows (pythonGH-15632)
483e5dc 
ssl_collect_certificates function in _ssl.c has a memory leak.
Calling CertOpenStore() and CertAddStoreToCollection(), a store's refcnt gets incremented by 2.
But CertCloseStore() is called only once and the refcnt leaves 1.
(cherry picked from commit ed70129)

Co-authored-by: neonene <[email protected]>
@bedevere-bot
Copy link

GH-15770 is a backport of this pull request to the 3.7 branch.

zooba pushed a commit to zooba/cpython that referenced this pull request Sep 9, 2019
@neonene @zooba
bpo-37702: Fix SSL's certificate-store leak on Windows (pythonGH-15632)
e4647dc 
ssl_collect_certificates function in _ssl.c has a memory leak.
Calling CertOpenStore() and CertAddStoreToCollection(), a store's refcnt gets incremented by 2.
But CertCloseStore() is called only once and the refcnt leaves 1.
@bedevere-bot
Copy link

GH-15771 is a backport of this pull request to the 3.8 branch.

miss-islington added a commit that referenced this pull request Sep 9, 2019
@miss-islington @neonene
bpo-37702: Fix SSL's certificate-store leak on Windows (GH-15632)
472f37a 
ssl_collect_certificates function in _ssl.c has a memory leak.
Calling CertOpenStore() and CertAddStoreToCollection(), a store's refcnt gets incremented by 2.
But CertCloseStore() is called only once and the refcnt leaves 1.
(cherry picked from commit ed70129)

Co-authored-by: neonene <[email protected]>
zooba added a commit that referenced this pull request Sep 9, 2019
@zooba
bpo-37702: Fix SSL's certificate-store leak on Windows (GH-15632)
5d695b6 
ssl_collect_certificates function in _ssl.c has a memory leak.
Calling CertOpenStore() and CertAddStoreToCollection(), a store's refcnt gets incremented by 2.
But CertCloseStore() is called only once and the refcnt leaves 1.
@neonene neonene deleted the bpo-37702_fix-memleak_ssl_2nd branch September 10, 2019 01:40
DinoV pushed a commit to DinoV/cpython that referenced this pull request Jan 14, 2020
@neonene @DinoV
bpo-37702: Fix SSL's certificate-store leak on Windows (pythonGH-15632)
5de70e8 
ssl_collect_certificates function in _ssl.c has a memory leak.
Calling CertOpenStore() and CertAddStoreToCollection(), a store's refcnt gets incremented by 2.
But CertCloseStore() is called only once and the refcnt leaves 1.
websurfer5 pushed a commit to websurfer5/cpython that referenced this pull request Jul 20, 2020
@neonene @websurfer5
bpo-37702: Fix SSL's certificate-store leak on Windows (pythonGH-15632)
77667c5 
ssl_collect_certificates function in _ssl.c has a memory leak.
Calling CertOpenStore() and CertAddStoreToCollection(), a store's refcnt gets incremented by 2.
But CertCloseStore() is called only once and the refcnt leaves 1.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tiran tiran Awaiting requested review from tiran

Assignees

@zooba zooba

Labels
OS-windows type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@neonene @mangrisano @miss-islington @bedevere-bot @zooba @the-knights-who-say-ni @brandtbucher