Issue 35991: potential double free in Modules/_randommodule.c line 295 and line 317

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/80172

classification

Title:	potential double free in Modules/_randommodule.c line 295 and line 317
Type:	security	Stage:	resolved
Components:	Extension Modules	Versions:	Python 3.8, Python 3.7

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:		Nosy List:	ZackerySpytz, benjamin.peterson, mark.dickinson, miss-islington, rhettinger, wjq-security, xtreak
Priority:	normal	Keywords:	patch

Created on 2019-02-14 06:09 by wjq-security, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (4)
msg335498 - (view)	Author: Karthikeyan Singaravelan (xtreak) *	Date: 2019-02-14 06:20
Though random module doesn't receive frequent changes can you please add the relevant lines in the description or the relevant commit with the corresponding line number in the report with a description. On master with commit [0] line 295 calls PyMem_Free(key); and then calls goto Done where PyMem_Free(key); is again executed which I assume is the report. [0] https://github.com/python/cpython/blob/d73ac0eba992a33992210915739d73250bf6d38d/Modules/_randommodule.c#L295
msg335499 - (view)	Author: wangjiangqiang (wjq-security)	Date: 2019-02-14 06:35
line 295 calls PyMem_Free(key),then "key" was freed again in line 317 which causes the bug.
msg335506 - (view)	Author: Benjamin Peterson (benjamin.peterson) *	Date: 2019-02-14 07:43
New changeset bb3c05d7efca8d23bf39bc2640297ba2598899f3 by Benjamin Peterson (Zackery Spytz) in branch 'master': closes bpo-35991: Fix a potential double free in Modules/_randommodule.c. (GH-11849) https://github.com/python/cpython/commit/bb3c05d7efca8d23bf39bc2640297ba2598899f3
msg335507 - (view)	Author: miss-islington (miss-islington)	Date: 2019-02-14 08:02
New changeset e20893596f4ecbca90be6caecbf8c22c9629376d by Miss Islington (bot) in branch '3.7': closes bpo-35991: Fix a potential double free in Modules/_randommodule.c. (GH-11849) https://github.com/python/cpython/commit/e20893596f4ecbca90be6caecbf8c22c9629376d

History
Date	User	Action	Args
2022-04-11 14:59:11	admin	set	github: 80172
2019-02-14 09:27:13	ZackerySpytz	set	nosy: + ZackerySpytz components: + Extension Modules versions: + Python 3.7, Python 3.8
2019-02-14 08:02:15	miss-islington	set	nosy: + miss-islington messages: + msg335507
2019-02-14 07:43:39	miss-islington	set	pull_requests: + pull_request11883
2019-02-14 07:43:21	benjamin.peterson	set	status: open -> closed nosy: + benjamin.peterson messages: + msg335506 resolution: fixed stage: patch review -> resolved
2019-02-14 07:02:30	ZackerySpytz	set	keywords: + patch stage: patch review pull_requests: + pull_request11880
2019-02-14 06:35:32	wjq-security	set	messages: + msg335499
2019-02-14 06:20:44	xtreak	set	nosy: + rhettinger, xtreak, mark.dickinson messages: + msg335498
2019-02-14 06:09:55	wjq-security	create