[3.14] gh-145376: Fix crashes in `md5module.c` and `hmacmodule.c` (GH-145422) (#145610)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Fri, 6 Mar 2026 21:06:32 +0000 (22:06 +0100)
committerGitHub <noreply@github.com>
Fri, 6 Mar 2026 21:06:32 +0000 (21:06 +0000)
gh-145376: Fix crashes in `md5module.c` and `hmacmodule.c` (GH-145422)

Fix a possible NULL pointer dereference in `md5module.c` and a double-free in `hmacmodule.c`.
Those crashes only occur in error paths taken when the interpreter fails to allocate memory.
(cherry picked from commit c1d77683213c400fca144692654845e6f5418981)

Co-authored-by: Pieter Eendebak <pieter.eendebak@gmail.com>
Misc/NEWS.d/next/Library/2026-03-02-19-41-39.gh-issue-145376.OOzSOh.rst [new file with mode: 0644]
Modules/hmacmodule.c
Modules/md5module.c

diff --git a/Misc/NEWS.d/next/Library/2026-03-02-19-41-39.gh-issue-145376.OOzSOh.rst b/Misc/NEWS.d/next/Library/2026-03-02-19-41-39.gh-issue-145376.OOzSOh.rst
new file mode 100644 (file)
index 0000000..b6dbda0
--- /dev/null
@@ -0,0 +1,2 @@
+Fix double free and null pointer dereference in unusual error scenarios
+in :mod:`hashlib` and :mod:`hmac` modules.
index bc711b51accd8761b80fe6be70d11a7510fe32cb..8a0b3496b1afa132ec36ecf7d28665d4d6ee255c 100644 (file)
@@ -1529,7 +1529,6 @@ static void
 py_hmac_hinfo_ht_free(void *hinfo)
 {
     py_hmac_hinfo *entry = (py_hmac_hinfo *)hinfo;
-    assert(entry->display_name != NULL);
     if (--(entry->refcnt) == 0) {
         Py_CLEAR(entry->display_name);
         PyMem_Free(hinfo);
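Review bot: With the assert removed, nothing in `py_hmac_hinfo_ht_free` records that `display_name` may now legitimately be NULL when the callback runs. That state is only reachable through the error path changed in the `py_hmac_hinfo_ht_new` hunk, so a later reader could restore the assert or dereference the field. I would add a comment above the refcount test, for example `/* display_name is NULL if py_hmac_hinfo_ht_new() failed before setting it; Py_CLEAR() tolerates that. */`. The function body continues past the end of this hunk.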
@@ -1628,7 +1627,8 @@ py_hmac_hinfo_ht_new(void)
             e->hashlib_name == NULL ? e->name : e->hashlib_name
         );
         if (value->display_name == NULL) {
-            PyMem_Free(value);
+            /* 'value' is owned by the table (refcnt > 0),
+               so _Py_hashtable_destroy() will free it. */
             goto error;
         }
     }
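Review bot: The new comment asserts `refcnt > 0`, but the insertion of `value` into the table and the code that sets `refcnt` are outside this hunk, so the ownership claim cannot be checked from the lines shown. As the free callback in the first hunk releases the entry only when `--(entry->refcnt) == 0`, the entry is freed exactly once only if `refcnt` equals the number of keys that reference it at the time of the `goto error`. It would help to say that in the comment, for example `/* 'value' is already linked under refcnt keys; the table's destroy callback drops one reference per key and frees it on the last. */`. Any failure path that runs before the first key is linked presumably still has to free `value` directly, which is worth confirming against the surrounding code.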
index 9b5ea2d6e02605a74c0d332988ede5d2b7c1c30e..f3855ec3f37faa1bc09b44a306d75e918757c8d2 100644 (file)
@@ -87,7 +87,10 @@ static void
 MD5_dealloc(PyObject *op)
 {
     MD5object *ptr = _MD5object_CAST(op);
-    Hacl_Hash_MD5_free(ptr->hash_state);
+    if (ptr->hash_state != NULL) {
+        Hacl_Hash_MD5_free(ptr->hash_state);
+        ptr->hash_state = NULL;
+    }
     PyTypeObject *tp = Py_TYPE(op);
     PyObject_GC_UnTrack(ptr);
     PyObject_GC_Del(ptr);
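Review bot: The new NULL guard in `MD5_dealloc` has no comment saying when `hash_state` can be NULL. According to the commit message this happens only when allocation fails, presumably in a constructor that lies outside this hunk. A one-line comment above the `if` would keep the guard from looking redundant, for example `/* hash_state is NULL if object creation failed before the HACL state was allocated. */`. The rest of the deallocator runs past the end of the hunk.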