gh-98978: Fix Py_SetPythonHome(NULL) (#99066)

Fix use-after-free in Py_SetPythonHome(NULL), Py_SetProgramName(NULL)
and _Py_SetProgramFullPath(NULL) function calls.

Issue reported by Benedikt Reinartz.

diff --git a/Misc/NEWS.d/next/C API/2022-11-03-17-46-41.gh-issue-98978.KJjBvv.rst b/Misc/NEWS.d/next/C API/2022-11-03-17-46-41.gh-issue-98978.KJjBvv.rst
new file mode 100644 (file)
index 0000000..b967272
--- /dev/null
+++ b/Misc/NEWS.d/next/C API/2022-11-03-17-46-41.gh-issue-98978.KJjBvv.rst
@@ -0,0 +1,3 @@
+Fix use-after-free in ``Py_SetPythonHome(NULL)``,
+``Py_SetProgramName(NULL)`` and ``_Py_SetProgramFullPath(NULL)`` function
+calls. Issue reported by Benedikt Reinartz. Patch by Victor Stinner.

diff --git a/Python/pathconfig.c b/Python/pathconfig.c
index 69b7e10a3b0288299359031c62aa13da51d873f3..be0f97c4b204a91311c12945432739a4c4531039 100644 (file)
--- a/Python/pathconfig.c
+++ b/Python/pathconfig.c
@@ -261,6 +261,8 @@ Py_SetPythonHome(const wchar_t *home)
     _PyMem_SetDefaultAllocator(PYMEM_DOMAIN_RAW, &old_alloc);
 
     PyMem_RawFree(_Py_path_config.home);
+    _Py_path_config.home = NULL;
+
     if (has_value) {
         _Py_path_config.home = _PyMem_RawWcsdup(home);
     }
@@ -282,6 +284,8 @@ Py_SetProgramName(const wchar_t *program_name)
     _PyMem_SetDefaultAllocator(PYMEM_DOMAIN_RAW, &old_alloc);
 
     PyMem_RawFree(_Py_path_config.program_name);
+    _Py_path_config.program_name = NULL;
+
     if (has_value) {
         _Py_path_config.program_name = _PyMem_RawWcsdup(program_name);
     }
@@ -302,6 +306,8 @@ _Py_SetProgramFullPath(const wchar_t *program_full_path)
     _PyMem_SetDefaultAllocator(PYMEM_DOMAIN_RAW, &old_alloc);
 
     PyMem_RawFree(_Py_path_config.program_full_path);
+    _Py_path_config.program_full_path = NULL;
+
     if (has_value) {
         _Py_path_config.program_full_path = _PyMem_RawWcsdup(program_full_path);
     }