bpo-43362: Fix invalid free and return check in _sha3 module (GH-25463)

Commit 93d50a6a8d0c5d332c11aef267e66573a09765ac / GH-21855 changed the order of variable definitions, which introduced a potential invalid free bug. Py_buffer object is now initialized earlier and the result of Keccak initialize is verified. Co-authored-by: Alex Henrie <alexhenrie24@gmail.com> Signed-off-by: Christian Heimes <christian@python.org> Co-authored-by: Alex Henrie <alexhenrie24@gmail.com>
author: Christian Heimes <christian@python.org> 2021-04-18 06:39:39 (GMT)
committer: GitHub <noreply@github.com> 2021-04-18 06:39:39 (GMT)
commit: aa6da32edc3c6ddfda5e849561e20273b8d82771 (patch)
tree: e543feb59a3d5e30ec01f2408d77dad5099da456 /Misc
parent: f5c5c0c362f84b3af168563ac9dec1d03cf8565a (diff)
download: cpython-aa6da32edc3c6ddfda5e849561e20273b8d82771.zip
cpython-aa6da32edc3c6ddfda5e849561e20273b8d82771.tar.gz
cpython-aa6da32edc3c6ddfda5e849561e20273b8d82771.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2021-04-18-00-56-44.bpo-43362.__5aiP.rst b/Misc/NEWS.d/next/Security/2021-04-18-00-56-44.bpo-43362.__5aiP.rst
new file mode 100644
index 0000000..713a683
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-04-18-00-56-44.bpo-43362.__5aiP.rst
@@ -0,0 +1,2 @@
+Fix invalid free in _sha3 module. The issue was introduced in 3.10.0a1.
+Python 3.9 and earlier are not affected.
author	Christian Heimes <christian@python.org>	2021-04-18 06:39:39 (GMT)
committer	GitHub <noreply@github.com>	2021-04-18 06:39:39 (GMT)
commit	aa6da32edc3c6ddfda5e849561e20273b8d82771 (patch)
tree	e543feb59a3d5e30ec01f2408d77dad5099da456 /Misc
parent	f5c5c0c362f84b3af168563ac9dec1d03cf8565a (diff)
download	cpython-aa6da32edc3c6ddfda5e849561e20273b8d82771.zip cpython-aa6da32edc3c6ddfda5e849561e20273b8d82771.tar.gz cpython-aa6da32edc3c6ddfda5e849561e20273b8d82771.tar.bz2