authorZackery Spytz <zspytz@gmail.com>2018-10-06 17:41:45 (GMT)
committerMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>2018-10-06 17:41:45 (GMT)
commit365ad2ead5bbaf7a3b18648ffa36e819559d3f75 (patch)
tree15cbfdb982f285c10fcbb989f73365cc3bbc7782
parent683281f536981da395575b5a07d6761118259fd2 (diff)
bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606)
On failure, _PyBytes_Resize() will deallocate the bytes object and set "result" to NULL. https://bugs.python.org/issue34824
-rw-r--r--Misc/NEWS.d/next/Core and Builtins/2018-09-27-11-10-02.bpo-34824.VLlCaU.rst2
-rw-r--r--Modules/_ssl.c9
2 files changed, 9 insertions, 2 deletions
diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-09-27-11-10-02.bpo-34824.VLlCaU.rst b/Misc/NEWS.d/next/Core and Builtins/2018-09-27-11-10-02.bpo-34824.VLlCaU.rst
new file mode 100644
index 0000000..fe95b89
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2018-09-27-11-10-02.bpo-34824.VLlCaU.rst
@@ -0,0 +1,2 @@
+Fix a possible null pointer dereference in Modules/_ssl.c. Patch by Zackery
+Spytz.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 96bdac4..93498f4 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -4710,12 +4710,17 @@ _ssl_MemoryBIO_read_impl(PySSLMemoryBIO *self, int len)
return result;
nbytes = BIO_read(self->bio, PyBytes_AS_STRING(result), len);
- /* There should never be any short reads but check anyway. */
- if ((nbytes < len) && (_PyBytes_Resize(&result, len) < 0)) {
+ if (nbytes < 0) {
Py_DECREF(result);
+ _setSSLError(NULL, 0, __FILE__, __LINE__);
return NULL;
}
+ /* There should never be any short reads but check anyway. */
+ if (nbytes < len) {
+ _PyBytes_Resize(&result, nbytes);
+ }
+
return result;
}
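Review bot: The return value of `_PyBytes_Resize(&result, nbytes)` in the short-read branch is discarded, and the code is only correct because that function frees the object and sets `result` to NULL on failure, so the following `return result;` returns NULL. That contract appears in the commit message but not in the code, where a later reader could take the unchecked call for an oversight. I would extend the existing comment, e.g. `/* Short read: trim to nbytes so bytes BIO_read() did not write are never returned. On failure _PyBytes_Resize() sets result to NULL, which is returned below. */`. The function starts outside the hunk, so how `len` and `result` are set up before `BIO_read()` is not visible here.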