diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 0e4759554aa..4ea1a63e495 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -394,6 +394,9 @@ def test_load_verify_locations(self): ctx.load_verify_locations(CERTFILE, CAPATH) ctx.load_verify_locations(CERTFILE, capath=BYTES_CAPATH) + # Issue #10989: crash if the second argument type is invalid + self.assertRaises(TypeError, ctx.load_verify_locations, None, True) + @skip_if_broken_ubuntu_ssl def test_session_stats(self): for proto in PROTOCOLS: diff --git a/Misc/NEWS b/Misc/NEWS index b05b93caa86..51f5ac151b7 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -16,6 +16,8 @@ Core and Builtins Library ------- +- Issue #10989: Fix a crash on SSLContext.load_verify_locations(None, True). + - Issue #11020: Command-line pyclbr was broken because of missing 2-to-3 conversion. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 1e4b38a9cd8..141b1ae88ce 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -1683,7 +1683,7 @@ load_verify_locations(PySSLContext *self, PyObject *args, PyObject *kwds) return NULL; } if (capath && !PyUnicode_FSConverter(capath, &capath_bytes)) { - Py_DECREF(cafile_bytes); + Py_XDECREF(cafile_bytes); PyErr_SetString(PyExc_TypeError, "capath should be a valid filesystem path"); return NULL;