bpo-41056: Fix a NULL pointer dereference on MemoryError within the ssl module. ...

Detected by Coverity.

diff --git a/Misc/NEWS.d/next/Library/2020-06-20-18-35-43.bpo-41056.Garcle.rst b/Misc/NEWS.d/next/Library/2020-06-20-18-35-43.bpo-41056.Garcle.rst
new file mode 100644 (file)
index 0000000..1776f0d
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-06-20-18-35-43.bpo-41056.Garcle.rst
@@ -0,0 +1 @@
+Fix a NULL pointer dereference within the ssl module during a MemoryError in the keylog callback. (discovered by Coverity)
\ No newline at end of file

diff --git a/Modules/_ssl/debughelpers.c b/Modules/_ssl/debughelpers.c
index 858b3d7955c9cffe7a7555005ab7036dca109f7c..b840da2f663af08417b54b50af575c26f5ad0f03 100644 (file)
--- a/Modules/_ssl/debughelpers.c
+++ b/Modules/_ssl/debughelpers.c
@@ -125,6 +125,12 @@ _PySSL_keylog_callback(const SSL *ssl, const char *line)
 
     threadstate = PyGILState_Ensure();
 
+    ssl_obj = (PySSLSocket *)SSL_get_app_data(ssl);
+    assert(PySSLSocket_Check(ssl_obj));
+    if (ssl_obj->ctx->keylog_bio == NULL) {
+        return;
+    }
+
     /* Allocate a static lock to synchronize writes to keylog file.
      * The lock is neither released on exit nor on fork(). The lock is
      * also shared between all SSLContexts although contexts may write to
@@ -141,12 +147,6 @@ _PySSL_keylog_callback(const SSL *ssl, const char *line)
         }
     }
 
-    ssl_obj = (PySSLSocket *)SSL_get_app_data(ssl);
-    assert(PySSLSocket_Check(ssl_obj));
-    if (ssl_obj->ctx->keylog_bio == NULL) {
-        return;
-    }
-
     PySSL_BEGIN_ALLOW_THREADS
     PyThread_acquire_lock(lock, 1);
     res = BIO_printf(ssl_obj->ctx->keylog_bio, "%s\n", line);