mod_wsgi Memory leak in `wsgi_check_password` when receiving a `str` instance from `check

Memory leak in `wsgi_check_password` when receiving a `str` instance from `check_password` method

Open jun66j5 opened this issue 7 months ago • 1 comments

When receiving a str instance from check_password method, wsgi_check_password creates a bytes instance using PyUnicode_AsUTF8String but the bytes instance is not released.

See https://github.com/GrahamDumpleton/mod_wsgi/blob/5.0.0/src/server/mod_wsgi.c#L14911

I consider that we should release the bytes instance.

diff --git a/src/server/mod_wsgi.c b/src/server/mod_wsgi.c
index 9bc07c672..3593ce8cb 100644
--- a/src/server/mod_wsgi.c
+++ b/src/server/mod_wsgi.c
@@ -14913,6 +14913,7 @@ static authn_status wsgi_check_password(request_rec *r, const char *user,
                         if (str) {
                             adapter->r->user = apr_pstrdup(adapter->r->pool,
                                     PyString_AsString(str));
+                            Py_DECREF(str);

                             status = AUTH_GRANTED;
                         }

Jul 09 '24 07:07 jun66j5

mod_wsgi mod_wsgi copied to clipboard

Memory leak in `wsgi_check_password` when receiving a `str` instance from `check_password` method

mod_wsgi
mod_wsgi copied to clipboard