gh-145301: Fix double-free in hashlib and hmac module initialization (GH-145321)

gh-145301: Fix double-free in hashlib and hmac initialization

diff --git a/Misc/NEWS.d/next/Library/2026-02-27-19-00-26.gh-issue-145301.2Wih4b.rst b/Misc/NEWS.d/next/Library/2026-02-27-19-00-26.gh-issue-145301.2Wih4b.rst
new file mode 100644 (file)
index 0000000..7aeb6a1
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-02-27-19-00-26.gh-issue-145301.2Wih4b.rst
@@ -0,0 +1,2 @@
+:mod:`hashlib`: fix a crash when the initialization of the underlying C
+extension module fails.

diff --git a/Misc/NEWS.d/next/Library/2026-02-28-00-55-00.gh-issue-145301.Lk2bRl.rst b/Misc/NEWS.d/next/Library/2026-02-28-00-55-00.gh-issue-145301.Lk2bRl.rst
new file mode 100644 (file)
index 0000000..436ff31
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-02-28-00-55-00.gh-issue-145301.Lk2bRl.rst
@@ -0,0 +1,2 @@
+:mod:`hmac`: fix a crash when the initialization of the underlying C
+extension module fails.

diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index 77832a768e0cbcb4aa4cef4cfead85348c09b403..e19eb1abcf2c4dde00d58c6ace259c1ce2b547b5 100644 (file)
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -268,7 +268,7 @@ py_hashentry_table_new(void) {
 
         if (h->py_alias != NULL) {
             if (_Py_hashtable_set(ht, (const void*)entry->py_alias, (void*)entry) < 0) {
-                PyMem_Free(entry);
+                /* entry is already in ht, will be freed by _Py_hashtable_destroy() */
                 goto error;
             }
             entry->refcnt++;

diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c
index f074f24807703cf73b346a26640f0c892090da96..7a040103bcb234863a3fd536333ef2e14950057e 100644 (file)
--- a/Modules/hmacmodule.c
+++ b/Modules/hmacmodule.c
@@ -1453,16 +1453,19 @@ py_hmac_hinfo_ht_new(void)
         assert(value->display_name == NULL);
         value->refcnt = 0;
 
-#define Py_HMAC_HINFO_LINK(KEY)                                 \
-        do {                                                    \
-            int rc = py_hmac_hinfo_ht_add(table, KEY, value);   \
-            if (rc < 0) {                                       \
-                PyMem_Free(value);                              \
-                goto error;                                     \
-            }                                                   \
-            else if (rc == 1) {                                 \
-                value->refcnt++;                                \
-            }                                                   \
+#define Py_HMAC_HINFO_LINK(KEY)                                     \
+        do {                                                        \
+            int rc = py_hmac_hinfo_ht_add(table, (KEY), value);     \
+            if (rc < 0) {                                           \
+                /* entry may already be in ht, freed upon exit */   \
+                if (value->refcnt == 0) {                           \
+                    PyMem_Free(value);                              \
+                }                                                   \
+                goto error;                                         \
+            }                                                       \
+            else if (rc == 1) {                                     \
+                value->refcnt++;                                    \
+            }                                                       \
         } while (0)
         Py_HMAC_HINFO_LINK(e->name);
         Py_HMAC_HINFO_LINK(e->hashlib_name);