From e359bc24b1f3a6ce311b9ef3043d1fdf5f1bf1cd Mon Sep 17 00:00:00 2001
From: Alexey Izbyshev <izbyshev@ispras.ru>
Date: Sun, 4 Nov 2018 18:44:16 +0300
Subject: [PATCH] bpo-35161: Fix stack-use-after-scope in grp.getgr{nam,gid}
 and pwd.getpw{nam,uid}. (GH-10319)

Reported by ASAN.
---
 Modules/grpmodule.c | 6 ++++--
 Modules/pwdmodule.c | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/Modules/grpmodule.c b/Modules/grpmodule.c
index 74286ab3974..d426f083111 100644
--- a/Modules/grpmodule.c
+++ b/Modules/grpmodule.c
@@ -124,11 +124,12 @@ grp_getgrgid_impl(PyObject *module, PyObject *id)
         Py_DECREF(py_int_id);
     }
 #ifdef HAVE_GETGRGID_R
-    Py_BEGIN_ALLOW_THREADS
     int status;
     Py_ssize_t bufsize;
+    /* Note: 'grp' will be used via pointer 'p' on getgrgid_r success. */
     struct group grp;
 
+    Py_BEGIN_ALLOW_THREADS
     bufsize = sysconf(_SC_GETGR_R_SIZE_MAX);
     if (bufsize == -1) {
         bufsize = DEFAULT_BUFFER_SIZE;
@@ -204,11 +205,12 @@ grp_getgrnam_impl(PyObject *module, PyObject *name)
     if (PyBytes_AsStringAndSize(bytes, &name_chars, NULL) == -1)
         goto out;
 #ifdef HAVE_GETGRNAM_R
-    Py_BEGIN_ALLOW_THREADS
     int status;
     Py_ssize_t bufsize;
+    /* Note: 'grp' will be used via pointer 'p' on getgrnam_r success. */
     struct group grp;
 
+    Py_BEGIN_ALLOW_THREADS
     bufsize = sysconf(_SC_GETGR_R_SIZE_MAX);
     if (bufsize == -1) {
         bufsize = DEFAULT_BUFFER_SIZE;
diff --git a/Modules/pwdmodule.c b/Modules/pwdmodule.c
index d15286dc10f..1286e7d5ce5 100644
--- a/Modules/pwdmodule.c
+++ b/Modules/pwdmodule.c
@@ -131,11 +131,12 @@ pwd_getpwuid(PyObject *module, PyObject *uidobj)
         return NULL;
     }
 #ifdef HAVE_GETPWUID_R
-    Py_BEGIN_ALLOW_THREADS
     int status;
     Py_ssize_t bufsize;
+    /* Note: 'pwd' will be used via pointer 'p' on getpwuid_r success. */
     struct passwd pwd;
 
+    Py_BEGIN_ALLOW_THREADS
     bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
     if (bufsize == -1) {
         bufsize = DEFAULT_BUFFER_SIZE;
@@ -212,11 +213,12 @@ pwd_getpwnam_impl(PyObject *module, PyObject *name)
     if (PyBytes_AsStringAndSize(bytes, &name_chars, NULL) == -1)
         goto out;
 #ifdef HAVE_GETPWNAM_R
-    Py_BEGIN_ALLOW_THREADS
     int status;
     Py_ssize_t bufsize;
+    /* Note: 'pwd' will be used via pointer 'p' on getpwnam_r success. */
     struct passwd pwd;
 
+    Py_BEGIN_ALLOW_THREADS
     bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
     if (bufsize == -1) {
         bufsize = DEFAULT_BUFFER_SIZE;