[Python-checkins] bpo-41056: Fix a NULL pointer dereference on MemoryError within the ssl module. (GH-21009)
Miss Islington (bot)
webhook-mailer at python.org
Sun Jun 21 15:11:38 EDT 2020
https://github.com/python/cpython/commit/10bf6e482328f622f4b2659e4ad5e3d88f57ba58
commit: 10bf6e482328f622f4b2659e4ad5e3d88f57ba58
branch: 3.8
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2020-06-21T12:11:29-07:00
summary:
bpo-41056: Fix a NULL pointer dereference on MemoryError within the ssl module. (GH-21009)
Detected by Coverity.
(cherry picked from commit eb0d5c38de7f970d8cd8524f4163d831c7720f51)
Co-authored-by: Gregory P. Smith <greg at krypto.org>
files:
A Misc/NEWS.d/next/Library/2020-06-20-18-35-43.bpo-41056.Garcle.rst
M Modules/_ssl/debughelpers.c
diff --git a/Misc/NEWS.d/next/Library/2020-06-20-18-35-43.bpo-41056.Garcle.rst b/Misc/NEWS.d/next/Library/2020-06-20-18-35-43.bpo-41056.Garcle.rst
new file mode 100644
index 0000000000000..1776f0d1cf8a3
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-06-20-18-35-43.bpo-41056.Garcle.rst
@@ -0,0 +1 @@
+Fix a NULL pointer dereference within the ssl module during a MemoryError in the keylog callback. (discovered by Coverity)
\ No newline at end of file
diff --git a/Modules/_ssl/debughelpers.c b/Modules/_ssl/debughelpers.c
index 858b3d7955c9c..b840da2f663af 100644
--- a/Modules/_ssl/debughelpers.c
+++ b/Modules/_ssl/debughelpers.c
@@ -125,6 +125,12 @@ _PySSL_keylog_callback(const SSL *ssl, const char *line)
threadstate = PyGILState_Ensure();
+ ssl_obj = (PySSLSocket *)SSL_get_app_data(ssl);
+ assert(PySSLSocket_Check(ssl_obj));
+ if (ssl_obj->ctx->keylog_bio == NULL) {
+ return;
+ }
+
/* Allocate a static lock to synchronize writes to keylog file.
* The lock is neither released on exit nor on fork(). The lock is
* also shared between all SSLContexts although contexts may write to
@@ -141,12 +147,6 @@ _PySSL_keylog_callback(const SSL *ssl, const char *line)
}
}
- ssl_obj = (PySSLSocket *)SSL_get_app_data(ssl);
- assert(PySSLSocket_Check(ssl_obj));
- if (ssl_obj->ctx->keylog_bio == NULL) {
- return;
- }
-
PySSL_BEGIN_ALLOW_THREADS
PyThread_acquire_lock(lock, 1);
res = BIO_printf(ssl_obj->ctx->keylog_bio, "%s\n", line);
More information about the Python-checkins
mailing list