diff options
| author | Zackery Spytz <zspytz@gmail.com> | 2018-10-06 17:41:45 (GMT) |
|---|---|---|
| committer | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2018-10-06 17:41:45 (GMT) |
| commit | 365ad2ead5bbaf7a3b18648ffa36e819559d3f75 (patch) | |
| tree | 15cbfdb982f285c10fcbb989f73365cc3bbc7782 /Modules | |
| parent | 683281f536981da395575b5a07d6761118259fd2 (diff) | |
| download | cpython-365ad2ead5bbaf7a3b18648ffa36e819559d3f75.zip cpython-365ad2ead5bbaf7a3b18648ffa36e819559d3f75.tar.gz cpython-365ad2ead5bbaf7a3b18648ffa36e819559d3f75.tar.bz2 | |
bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606)
On failure, _PyBytes_Resize() will deallocate the bytes object and set
"result" to NULL.
https://bugs.python.org/issue34824
Diffstat (limited to 'Modules')
| -rw-r--r-- | Modules/_ssl.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 96bdac4..93498f4 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -4710,12 +4710,17 @@ _ssl_MemoryBIO_read_impl(PySSLMemoryBIO *self, int len) return result; nbytes = BIO_read(self->bio, PyBytes_AS_STRING(result), len); - /* There should never be any short reads but check anyway. */ - if ((nbytes < len) && (_PyBytes_Resize(&result, len) < 0)) { + if (nbytes < 0) { Py_DECREF(result); + _setSSLError(NULL, 0, __FILE__, __LINE__); return NULL; } + /* There should never be any short reads but check anyway. */ + if (nbytes < len) { + _PyBytes_Resize(&result, nbytes); + } + return result; } |