This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: _ssl.c: Possible null pointer dereference
Type: Stage: resolved
Components: Extension Modules, SSL Versions: Python 3.8, Python 3.7, Python 3.6
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: ZackerySpytz, christian.heimes, miss-islington, serhiy.storchaka, vstinner, yselivanov
Priority: normal Keywords: patch

Created on 2018-09-27 17:07 by ZackerySpytz, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 9606 merged ZackerySpytz, 2018-09-27 17:11
PR 9743 merged miss-islington, 2018-10-06 17:42
PR 9744 merged miss-islington, 2018-10-06 17:42
Messages (6)
msg326573 - (view) Author: Zackery Spytz (ZackerySpytz) * (Python triager) Date: 2018-09-27 17:07 
If _PyBytes_Resize() fails in _ssl_MemoryBIO_read_impl(), Py_DECREF() will be called on a null pointer.
msg326814 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2018-10-01 16:29 
Good catch, but there is more than one error here.
msg327255 - (view) Author: miss-islington (miss-islington) Date: 2018-10-06 17:41 
New changeset 365ad2ead5bbaf7a3b18648ffa36e819559d3f75 by Miss Islington (bot) (Zackery Spytz) in branch 'master':
bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606)
https://github.com/python/cpython/commit/365ad2ead5bbaf7a3b18648ffa36e819559d3f75
msg328076 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2018-10-19 23:14 
New changeset 4ec9f64e07c8f397ad6699f8b99843846c219588 by Victor Stinner (Miss Islington (bot)) in branch '3.7':
bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606) (GH-9743)
https://github.com/python/cpython/commit/4ec9f64e07c8f397ad6699f8b99843846c219588
msg328077 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2018-10-19 23:14 
New changeset d92816de667169fbd54a3442705bc07286e8c69d by Victor Stinner (Miss Islington (bot)) in branch '3.6':
bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606) (GH-9744)
https://github.com/python/cpython/commit/d92816de667169fbd54a3442705bc07286e8c69d
msg328078 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2018-10-19 23:16 
Thanks Zackery Spytz for the report and the fix!
History
Date User Action Args
2022-04-11 14:59:06adminsetgithub: 79005
2018-10-19 23:16:33vstinnersetstatus: open -> closed
resolution: fixed
messages: + msg328078

stage: patch review -> resolved
2018-10-19 23:14:52vstinnersetmessages: + msg328077
2018-10-19 23:14:47vstinnersetnosy: + vstinner
messages: + msg328076
2018-10-06 17:42:09miss-islingtonsetpull_requests: + pull_request9132
2018-10-06 17:42:03miss-islingtonsetpull_requests: + pull_request9131
2018-10-06 17:41:51miss-islingtonsetnosy: + miss-islington
messages: + msg327255
2018-10-01 16:29:12serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg326814
2018-09-27 17:11:30ZackerySpytzsetkeywords: + patch
stage: patch review
pull_requests: + pull_request9003
2018-09-27 17:09:12yselivanovsetnosy: + yselivanov
2018-09-27 17:07:57ZackerySpytzcreate