traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606) (GH-9743) 

On failure, _PyBytes_Resize() will deallocate the bytes object and set
"result" to NULL.

https://bugs.python.org/issue34824
(cherry picked from commit 365ad2ead5)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
This commit is contained in:
Miss Islington (bot) 2018-10-19 16:14:42 -07:00 committed by Victor Stinner
parent c119d5948f
commit 4ec9f64e07
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Misc/NEWS.d/next/Core and Builtins/2018-09-27-11-10-02.bpo-34824.VLlCaU.rst Normal file
View File

@ -0,0 +1,2 @@
Fix a possible null pointer dereference in Modules/_ssl.c. Patch by Zackery
Spytz.

9
Modules/_ssl.c
View File

@ -4711,12 +4711,17 @@ _ssl_MemoryBIO_read_impl(PySSLMemoryBIO *self, int len)
return result;
nbytes = BIO_read(self->bio, PyBytes_AS_STRING(result), len);
/* There should never be any short reads but check anyway. */
if ((nbytes < len) && (_PyBytes_Resize(&result, len) < 0)) {
if (nbytes < 0) {
Py_DECREF(result);
_setSSLError(NULL, 0, __FILE__, __LINE__);
return NULL;
}
/* There should never be any short reads but check anyway. */
if (nbytes < len) {
_PyBytes_Resize(&result, nbytes);
}
return result;
}