[Python-checkins] bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606) (GH-9744)

Victor Stinner webhook-mailer at python.org
Fri Oct 19 19:14:51 EDT 2018


https://github.com/python/cpython/commit/d92816de667169fbd54a3442705bc07286e8c69d
commit: d92816de667169fbd54a3442705bc07286e8c69d
branch: 3.6
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: Victor Stinner <vstinner at redhat.com>
date: 2018-10-20T01:14:49+02:00
summary:

bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606) (GH-9744)

On failure, _PyBytes_Resize() will deallocate the bytes object and set
"result" to NULL.

https://bugs.python.org/issue34824
(cherry picked from commit 365ad2ead5bbaf7a3b18648ffa36e819559d3f75)

Co-authored-by: Zackery Spytz <zspytz at gmail.com>

files:
A Misc/NEWS.d/next/Core and Builtins/2018-09-27-11-10-02.bpo-34824.VLlCaU.rst
M Modules/_ssl.c

diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-09-27-11-10-02.bpo-34824.VLlCaU.rst b/Misc/NEWS.d/next/Core and Builtins/2018-09-27-11-10-02.bpo-34824.VLlCaU.rst
new file mode 100644
index 000000000000..fe95b8973c09
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2018-09-27-11-10-02.bpo-34824.VLlCaU.rst	
@@ -0,0 +1,2 @@
+Fix a possible null pointer dereference in Modules/_ssl.c. Patch by Zackery
+Spytz.
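Review bot: the NEWS entry is filed under "Core and Builtins", but the only code this commit touches is Modules/_ssl.c, an extension module, so the Library section would be the better home. The text also names only the file; naming the affected function (the hunk header in _ssl.c shows it is _ssl_MemoryBIO_read_impl) would let readers tell whether they are exposed.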
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index b0cfbdc96c07..2b043da280b8 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -4365,12 +4365,17 @@ _ssl_MemoryBIO_read_impl(PySSLMemoryBIO *self, int len)
         return result;
 
     nbytes = BIO_read(self->bio, PyBytes_AS_STRING(result), len);
-    /* There should never be any short reads but check anyway. */
-    if ((nbytes < len) && (_PyBytes_Resize(&result, len) < 0)) {
+    if (nbytes < 0) {
         Py_DECREF(result);
+        _setSSLError(NULL, 0, __FILE__, __LINE__);
         return NULL;
     }
 
+    /* There should never be any short reads but check anyway. */
+    if (nbytes < len) {
+        _PyBytes_Resize(&result, nbytes);
+    }
+
     return result;
 }
 
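Review bot: in the new `if (nbytes < len)` block the return value of `_PyBytes_Resize(&result, nbytes)` is discarded, which is correct only because a failed resize sets result to NULL and the `return result;` that follows propagates it. That reasoning is stated in the commit message but not in the code, so a one-line comment at the call, or an explicit `if (_PyBytes_Resize(&result, nbytes) < 0) return NULL;`, would keep a later edit from touching result between the resize and the return. The files list shows no test change, so a regression case covering the `nbytes < 0` and short-read branches would be worth adding if they can be provoked.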


