_ssl.c: Possible null pointer dereference #79005

ZackerySpytz · 2018-09-27T17:07:57Z

BPO	34824
Nosy	@vstinner, @tiran, @serhiy-storchaka, @1st1, @ZackerySpytz, @miss-islington
PRs	bpo-34824: Fix a possible NULL pointer dereference in _ssl.c #9606 [3.7] bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606) #9743 [3.6] bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606) #9744

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = 'https://github.com/tiran'
closed_at = <Date 2018-10-19.23:16:33.305>
created_at = <Date 2018-09-27.17:07:57.102>
labels = ['extension-modules', 'expert-SSL', '3.7', '3.8']
title = '_ssl.c: Possible null pointer dereference'
updated_at = <Date 2018-10-19.23:16:33.304>
user = 'https://github.com/ZackerySpytz'

bugs.python.org fields:

activity = <Date 2018-10-19.23:16:33.304>
actor = 'vstinner'
assignee = 'christian.heimes'
closed = True
closed_date = <Date 2018-10-19.23:16:33.305>
closer = 'vstinner'
components = ['Extension Modules', 'SSL']
creation = <Date 2018-09-27.17:07:57.102>
creator = 'ZackerySpytz'
dependencies = []
files = []
hgrepos = []
issue_num = 34824
keywords = ['patch']
message_count = 6.0
messages = ['326573', '326814', '327255', '328076', '328077', '328078']
nosy_count = 6.0
nosy_names = ['vstinner', 'christian.heimes', 'serhiy.storchaka', 'yselivanov', 'ZackerySpytz', 'miss-islington']
pr_nums = ['9606', '9743', '9744']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = None
url = 'https://bugs.python.org/issue34824'
versions = ['Python 3.6', 'Python 3.7', 'Python 3.8']

ZackerySpytz · 2018-09-27T17:07:57Z

If _PyBytes_Resize() fails in _ssl_MemoryBIO_read_impl(), Py_DECREF() will be called on a null pointer.

serhiy-storchaka · 2018-10-01T16:29:12Z

Good catch, but there is more than one error here.

miss-islington · 2018-10-06T17:41:51Z

New changeset 365ad2e by Miss Islington (bot) (Zackery Spytz) in branch 'master':
bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606)
365ad2e

vstinner · 2018-10-19T23:14:47Z

New changeset 4ec9f64 by Victor Stinner (Miss Islington (bot)) in branch '3.7':
bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606) (GH-9743)
4ec9f64

vstinner · 2018-10-19T23:14:53Z

New changeset d92816d by Victor Stinner (Miss Islington (bot)) in branch '3.6':
bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606) (GH-9744)
d92816d

vstinner · 2018-10-19T23:16:33Z

Thanks Zackery Spytz for the report and the fix!

ZackerySpytz mannequin added 3.7 (EOL) end of life 3.8 only security fixes labels Sep 27, 2018

ZackerySpytz mannequin assigned tiran Sep 27, 2018

ZackerySpytz mannequin added extension-modules C modules in the Modules dir topic-SSL labels Sep 27, 2018

vstinner closed this as completed Oct 19, 2018

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

_ssl.c: Possible null pointer dereference #79005

_ssl.c: Possible null pointer dereference #79005

ZackerySpytz mannequin commented Sep 27, 2018

ZackerySpytz mannequin commented Sep 27, 2018

serhiy-storchaka commented Oct 1, 2018

miss-islington commented Oct 6, 2018

vstinner commented Oct 19, 2018

vstinner commented Oct 19, 2018

vstinner commented Oct 19, 2018

_ssl.c: Possible null pointer dereference #79005

_ssl.c: Possible null pointer dereference #79005

Comments

ZackerySpytz mannequin commented Sep 27, 2018

ZackerySpytz mannequin commented Sep 27, 2018

serhiy-storchaka commented Oct 1, 2018

miss-islington commented Oct 6, 2018

vstinner commented Oct 19, 2018

vstinner commented Oct 19, 2018

vstinner commented Oct 19, 2018