classification
Title: potential double free in Modules/_randommodule.c line 295 and line 317
Type: security Stage: resolved
Components: Extension Modules Versions: Python 3.8, Python 3.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: ZackerySpytz, benjamin.peterson, mark.dickinson, miss-islington, rhettinger, wjq-security, xtreak
Priority: normal Keywords: patch

Created on 2019-02-14 06:09 by wjq-security, last changed 2019-02-14 09:27 by ZackerySpytz. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 11849 merged ZackerySpytz, 2019-02-14 07:02
PR 11851 merged miss-islington, 2019-02-14 07:43
Messages (4)
msg335498 - (view) Author: Karthikeyan Singaravelan (xtreak) * (Python triager) Date: 2019-02-14 06:20
Though random module doesn't receive frequent changes can you please add the relevant lines in the description or the relevant commit with the corresponding line number in the report with a description. 

On master with commit [0] line 295 calls PyMem_Free(key); and then calls goto Done where PyMem_Free(key); is again executed which I assume is the report.

[0] https://github.com/python/cpython/blob/d73ac0eba992a33992210915739d73250bf6d38d/Modules/_randommodule.c#L295
msg335499 - (view) Author: wangjiangqiang (wjq-security) Date: 2019-02-14 06:35
line 295 calls PyMem_Free(key),then "key" was freed again in line 317 which causes the bug.
msg335506 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2019-02-14 07:43
New changeset bb3c05d7efca8d23bf39bc2640297ba2598899f3 by Benjamin Peterson (Zackery Spytz) in branch 'master':
closes bpo-35991: Fix a potential double free in Modules/_randommodule.c. (GH-11849)
https://github.com/python/cpython/commit/bb3c05d7efca8d23bf39bc2640297ba2598899f3
msg335507 - (view) Author: miss-islington (miss-islington) Date: 2019-02-14 08:02
New changeset e20893596f4ecbca90be6caecbf8c22c9629376d by Miss Islington (bot) in branch '3.7':
closes bpo-35991: Fix a potential double free in Modules/_randommodule.c. (GH-11849)
https://github.com/python/cpython/commit/e20893596f4ecbca90be6caecbf8c22c9629376d
History
Date User Action Args
2019-02-14 09:27:13ZackerySpytzsetnosy: + ZackerySpytz

components: + Extension Modules
versions: + Python 3.7, Python 3.8
2019-02-14 08:02:15miss-islingtonsetnosy: + miss-islington
messages: + msg335507
2019-02-14 07:43:39miss-islingtonsetpull_requests: + pull_request11883
2019-02-14 07:43:21benjamin.petersonsetstatus: open -> closed

nosy: + benjamin.peterson
messages: + msg335506

resolution: fixed
stage: patch review -> resolved
2019-02-14 07:02:30ZackerySpytzsetkeywords: + patch
stage: patch review
pull_requests: + pull_request11880
2019-02-14 06:35:32wjq-securitysetmessages: + msg335499
2019-02-14 06:20:44xtreaksetnosy: + rhettinger, xtreak, mark.dickinson
messages: + msg335498
2019-02-14 06:09:55wjq-securitycreate