bpo-41056: Fix a NULL pointer dereference on MemoryError within the ssl module. (GH-21009)

Detected by Coverity. (cherry picked from commit eb0d5c38de) Co-authored-by: Gregory P. Smith <greg@krypto.org>
2020-06-21 12:11:29 -07:00 · 2020-06-21 12:11:29 -07:00 · 10bf6e4823
parent a4c09560ea
commit 10bf6e4823
2 changed files with 7 additions and 6 deletions
--- a/Misc/NEWS.d/next/Library/2020-06-20-18-35-43.bpo-41056.Garcle.rst
+++ b/Misc/NEWS.d/next/Library/2020-06-20-18-35-43.bpo-41056.Garcle.rst
@ -0,0 +1 @@
+Fix a NULL pointer dereference within the ssl module during a MemoryError in the keylog callback. (discovered by Coverity)
--- a/Modules/_ssl/debughelpers.c
+++ b/Modules/_ssl/debughelpers.c
@ -125,6 +125,12 @@ _PySSL_keylog_callback(const SSL *ssl, const char *line)

    threadstate = PyGILState_Ensure();

+    ssl_obj = (PySSLSocket *)SSL_get_app_data(ssl);
+    assert(PySSLSocket_Check(ssl_obj));
+    if (ssl_obj->ctx->keylog_bio == NULL) {
+        return;
+    }
+
    /* Allocate a static lock to synchronize writes to keylog file.
     * The lock is neither released on exit nor on fork(). The lock is
     * also shared between all SSLContexts although contexts may write to
@ -141,12 +147,6 @@ _PySSL_keylog_callback(const SSL *ssl, const char *line)
        }
    }

-    ssl_obj = (PySSLSocket *)SSL_get_app_data(ssl);
-    assert(PySSLSocket_Check(ssl_obj));
-    if (ssl_obj->ctx->keylog_bio == NULL) {
-        return;
-    }
-
    PySSL_BEGIN_ALLOW_THREADS
    PyThread_acquire_lock(lock, 1);
    res = BIO_printf(ssl_obj->ctx->keylog_bio, "%s\n", line);
				`@ -0,0 +1 @@`
				`Fix a NULL pointer dereference within the ssl module during a MemoryError in the keylog callback. (discovered by Coverity)`