bpo-34824: Fix a possible NULL pointer dereference in _ssl.c (GH-9606) On failure, _PyBytes_Resize() will deallocate the bytes object and set "result" to NULL. https://bugs.python.org/issue34824

commit: 365ad2ead5bbaf7a3b18648ffa36e819559d3f75 [log] [tgz]
author: Zackery Spytz <zspytz@gmail.com> Sat Oct 06 11:41:45 2018 -0600
committer: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Sat Oct 06 10:41:45 2018 -0700
tree: 15cbfdb982f285c10fcbb989f73365cc3bbc7782
parent: 683281f536981da395575b5a07d6761118259fd2 [diff] [blame]
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 96bdac4..93498f4 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c

@@ -4710,12 +4710,17 @@
         return result;
 
     nbytes = BIO_read(self->bio, PyBytes_AS_STRING(result), len);
-    /* There should never be any short reads but check anyway. */
-    if ((nbytes < len) && (_PyBytes_Resize(&result, len) < 0)) {
+    if (nbytes < 0) {
         Py_DECREF(result);
+        _setSSLError(NULL, 0, __FILE__, __LINE__);
         return NULL;
     }
 
+    /* There should never be any short reads but check anyway. */
+    if (nbytes < len) {
+        _PyBytes_Resize(&result, nbytes);
+    }
+
     return result;
 }
commit	365ad2ead5bbaf7a3b18648ffa36e819559d3f75	[log] [tgz]
author	Zackery Spytz <zspytz@gmail.com>	Sat Oct 06 11:41:45 2018 -0600
committer	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	Sat Oct 06 10:41:45 2018 -0700
tree	15cbfdb982f285c10fcbb989f73365cc3bbc7782
parent	683281f536981da395575b5a07d6761118259fd2 [diff] [blame]