]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 70ecd56) | patch
[3.14] gh-144833: Fix use-after-free in SSL module when SSL_new() fails (GH-144843...
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Mon, 16 Feb 2026 03:10:23 +0000 (04:10 +0100)
committerGitHub <noreply@github.com>
Mon, 16 Feb 2026 03:10:23 +0000 (03:10 +0000)
commit53b8e64150d2c7b96979bfd1631b2ae33acab5d7
treec664fa48f3b9595fb7efe55a20824f4ed08aa9b0tree | snapshot
parent70ecd561135b31a8ece6f9d459b91734ab51db25commit | diff
[3.14] gh-144833: Fix use-after-free in SSL module when SSL_new() fails (GH-144843) (#144858)

gh-144833: Fix use-after-free in SSL module when SSL_new() fails (GH-144843)

In newPySSLSocket(), when SSL_new() returns NULL, Py_DECREF(self)
was called before _setSSLError(get_state_ctx(self), ...), causing
a use-after-free. Additionally, get_state_ctx() was called with
self (PySSLSocket*) instead of sslctx (PySSLContext*), which is
a type confusion bug.

Fix by calling _setSSLError() before Py_DECREF() and using
sslctx instead of self for get_state_ctx().
(cherry picked from commit c91638ca0671b8038831f963ed44e66cdda006a2)

Co-authored-by: Ramin Farajpour Cami <ramin.blackhat@gmail.com>
Misc/NEWS.d/next/Library/2026-02-15-00-00-00.gh-issue-144833.TUelo1.rst [new file with mode: 0644] blob
Modules/_ssl.c diff | blob | blame | history
Mirror of https://github.com/python/cpython.git