bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606)

On failure, _PyBytes_Resize() will deallocate the bytes object and set "result" to NULL. https://bugs.python.org/issue34824
author: Zackery Spytz <zspytz@gmail.com> 2018-10-06 17:41:45 (GMT)
committer: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2018-10-06 17:41:45 (GMT)
commit: 365ad2ead5bbaf7a3b18648ffa36e819559d3f75 (patch)
tree: 15cbfdb982f285c10fcbb989f73365cc3bbc7782 /Modules/_ssl.c
parent: 683281f536981da395575b5a07d6761118259fd2 (diff)
download: cpython-365ad2ead5bbaf7a3b18648ffa36e819559d3f75.zip
cpython-365ad2ead5bbaf7a3b18648ffa36e819559d3f75.tar.gz
cpython-365ad2ead5bbaf7a3b18648ffa36e819559d3f75.tar.bz2
1 files changed, 7 insertions, 2 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 96bdac4..93498f4 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -4710,12 +4710,17 @@ _ssl_MemoryBIO_read_impl(PySSLMemoryBIO *self, int len)
         return result;
 
     nbytes = BIO_read(self->bio, PyBytes_AS_STRING(result), len);
-    /* There should never be any short reads but check anyway. */
-    if ((nbytes < len) && (_PyBytes_Resize(&result, len) < 0)) {
+    if (nbytes < 0) {
         Py_DECREF(result);
+        _setSSLError(NULL, 0, __FILE__, __LINE__);
         return NULL;
     }
 
+    /* There should never be any short reads but check anyway. */
+    if (nbytes < len) {
+        _PyBytes_Resize(&result, nbytes);
+    }
+
     return result;
 }
author	Zackery Spytz <zspytz@gmail.com>	2018-10-06 17:41:45 (GMT)
committer	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2018-10-06 17:41:45 (GMT)
commit	365ad2ead5bbaf7a3b18648ffa36e819559d3f75 (patch)
tree	15cbfdb982f285c10fcbb989f73365cc3bbc7782 /Modules/_ssl.c
parent	683281f536981da395575b5a07d6761118259fd2 (diff)
download	cpython-365ad2ead5bbaf7a3b18648ffa36e819559d3f75.zip cpython-365ad2ead5bbaf7a3b18648ffa36e819559d3f75.tar.gz cpython-365ad2ead5bbaf7a3b18648ffa36e819559d3f75.tar.bz2