diff options
author | Zackery Spytz <zspytz@gmail.com> | 2018-10-06 17:41:45 (GMT) |
---|---|---|
committer | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2018-10-06 17:41:45 (GMT) |
commit | 365ad2ead5bbaf7a3b18648ffa36e819559d3f75 (patch) | |
tree | 15cbfdb982f285c10fcbb989f73365cc3bbc7782 | |
parent | 683281f536981da395575b5a07d6761118259fd2 (diff) | |
download | cpython-365ad2ead5bbaf7a3b18648ffa36e819559d3f75.zip cpython-365ad2ead5bbaf7a3b18648ffa36e819559d3f75.tar.gz cpython-365ad2ead5bbaf7a3b18648ffa36e819559d3f75.tar.bz2 |
bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606)
On failure, _PyBytes_Resize() will deallocate the bytes object and set
"result" to NULL.
https://bugs.python.org/issue34824
-rw-r--r-- | Misc/NEWS.d/next/Core and Builtins/2018-09-27-11-10-02.bpo-34824.VLlCaU.rst | 2 | ||||
-rw-r--r-- | Modules/_ssl.c | 9 |
2 files changed, 9 insertions, 2 deletions
diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-09-27-11-10-02.bpo-34824.VLlCaU.rst b/Misc/NEWS.d/next/Core and Builtins/2018-09-27-11-10-02.bpo-34824.VLlCaU.rst new file mode 100644 index 0000000..fe95b89 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2018-09-27-11-10-02.bpo-34824.VLlCaU.rst @@ -0,0 +1,2 @@ +Fix a possible null pointer dereference in Modules/_ssl.c. Patch by Zackery +Spytz. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 96bdac4..93498f4 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -4710,12 +4710,17 @@ _ssl_MemoryBIO_read_impl(PySSLMemoryBIO *self, int len) return result; nbytes = BIO_read(self->bio, PyBytes_AS_STRING(result), len); - /* There should never be any short reads but check anyway. */ - if ((nbytes < len) && (_PyBytes_Resize(&result, len) < 0)) { + if (nbytes < 0) { Py_DECREF(result); + _setSSLError(NULL, 0, __FILE__, __LINE__); return NULL; } + /* There should never be any short reads but check anyway. */ + if (nbytes < len) { + _PyBytes_Resize(&result, nbytes); + } + return result; } |