[Python-checkins] gh-98978: Fix Py_SetPythonHome(NULL) (GH-99066)

miss-islington webhook-mailer at python.org
Thu Nov 3 14:09:23 EDT 2022 

https://github.com/python/cpython/commit/41a9f49bc5d52b44386fe44ed6a1983bd2cd65cc
commit: 41a9f49bc5d52b44386fe44ed6a1983bd2cd65cc
branch: 3.11
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: miss-islington <31488909+miss-islington at users.noreply.github.com>
date: 2022-11-03T11:09:15-07:00
summary:

gh-98978: Fix Py_SetPythonHome(NULL) (GH-99066)


Fix use-after-free in Py_SetPythonHome(NULL), Py_SetProgramName(NULL)
and _Py_SetProgramFullPath(NULL) function calls.

Issue reported by Benedikt Reinartz.
(cherry picked from commit b07f546ea3a574bc3016fb023c157c65a47f4849)

Co-authored-by: Victor Stinner <vstinner at python.org>

files:
A Misc/NEWS.d/next/C API/2022-11-03-17-46-41.gh-issue-98978.KJjBvv.rst
M Python/pathconfig.c

diff --git a/Misc/NEWS.d/next/C API/2022-11-03-17-46-41.gh-issue-98978.KJjBvv.rst b/Misc/NEWS.d/next/C API/2022-11-03-17-46-41.gh-issue-98978.KJjBvv.rst
new file mode 100644
index 000000000000..b9672728009a
--- /dev/null
+++ b/Misc/NEWS.d/next/C API/2022-11-03-17-46-41.gh-issue-98978.KJjBvv.rst	
@@ -0,0 +1,3 @@
+Fix use-after-free in ``Py_SetPythonHome(NULL)``,
+``Py_SetProgramName(NULL)`` and ``_Py_SetProgramFullPath(NULL)`` function
+calls. Issue reported by Benedikt Reinartz. Patch by Victor Stinner.
diff --git a/Python/pathconfig.c b/Python/pathconfig.c
index 69b7e10a3b02..be0f97c4b204 100644
--- a/Python/pathconfig.c
+++ b/Python/pathconfig.c
@@ -261,6 +261,8 @@ Py_SetPythonHome(const wchar_t *home)
     _PyMem_SetDefaultAllocator(PYMEM_DOMAIN_RAW, &old_alloc);
 
     PyMem_RawFree(_Py_path_config.home);
+    _Py_path_config.home = NULL;
+
     if (has_value) {
         _Py_path_config.home = _PyMem_RawWcsdup(home);
     }
@@ -282,6 +284,8 @@ Py_SetProgramName(const wchar_t *program_name)
     _PyMem_SetDefaultAllocator(PYMEM_DOMAIN_RAW, &old_alloc);
 
     PyMem_RawFree(_Py_path_config.program_name);
+    _Py_path_config.program_name = NULL;
+
     if (has_value) {
         _Py_path_config.program_name = _PyMem_RawWcsdup(program_name);
     }
@@ -302,6 +306,8 @@ _Py_SetProgramFullPath(const wchar_t *program_full_path)
     _PyMem_SetDefaultAllocator(PYMEM_DOMAIN_RAW, &old_alloc);
 
     PyMem_RawFree(_Py_path_config.program_full_path);
+    _Py_path_config.program_full_path = NULL;
+
     if (has_value) {
         _Py_path_config.program_full_path = _PyMem_RawWcsdup(program_full_path);
     }

More information about the Python-checkins mailing list