[3.14] gh-145301: Fix double-free in hashlib and hmac module initialization (GH-14532...

gh-145301: Fix double-free in hashlib and hmac module initialization (GH-145321)
(cherry picked from commit 6acaf659ef0fdee131bc02f0b58685da039b5855)

gh-145301: Fix double-free in hashlib and hmac initialization

Co-authored-by: krylosov-aa <krylosov.andrew@gmail.com>

diff --git a/Misc/NEWS.d/next/Library/2026-02-27-19-00-26.gh-issue-145301.2Wih4b.rst b/Misc/NEWS.d/next/Library/2026-02-27-19-00-26.gh-issue-145301.2Wih4b.rst
new file mode 100644 (file)
index 0000000..7aeb6a1
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-02-27-19-00-26.gh-issue-145301.2Wih4b.rst
@@ -0,0 +1,2 @@
+:mod:`hashlib`: fix a crash when the initialization of the underlying C
+extension module fails.

diff --git a/Misc/NEWS.d/next/Library/2026-02-28-00-55-00.gh-issue-145301.Lk2bRl.rst b/Misc/NEWS.d/next/Library/2026-02-28-00-55-00.gh-issue-145301.Lk2bRl.rst
new file mode 100644 (file)
index 0000000..436ff31
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-02-28-00-55-00.gh-issue-145301.Lk2bRl.rst
@@ -0,0 +1,2 @@
+:mod:`hmac`: fix a crash when the initialization of the underlying C
+extension module fails.

diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index c8a76e1499075131af02ca39886361a81ada45a5..e7cb315f1607e22490712091b1eb52b8cf644d72 100644 (file)
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -238,7 +238,7 @@ py_hashentry_table_new(void) {
 
         if (h->py_alias != NULL) {
             if (_Py_hashtable_set(ht, (const void*)entry->py_alias, (void*)entry) < 0) {
-                PyMem_Free(entry);
+                /* entry is already in ht, will be freed by _Py_hashtable_destroy() */
                 goto error;
             }
             entry->refcnt++;

diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c
index 8cd470f4f80b3aaaa6f415c4843b284f35fdbde4..bc711b51accd8761b80fe6be70d11a7510fe32cb 100644 (file)
--- a/Modules/hmacmodule.c
+++ b/Modules/hmacmodule.c
@@ -1604,16 +1604,19 @@ py_hmac_hinfo_ht_new(void)
         assert(value->display_name == NULL);
         value->refcnt = 0;
 
-#define Py_HMAC_HINFO_LINK(KEY)                                 \
-        do {                                                    \
-            int rc = py_hmac_hinfo_ht_add(table, KEY, value);   \
-            if (rc < 0) {                                       \
-                PyMem_Free(value);                              \
-                goto error;                                     \
-            }                                                   \
-            else if (rc == 1) {                                 \
-                value->refcnt++;                                \
-            }                                                   \
+#define Py_HMAC_HINFO_LINK(KEY)                                     \
+        do {                                                        \
+            int rc = py_hmac_hinfo_ht_add(table, (KEY), value);     \
+            if (rc < 0) {                                           \
+                /* entry may already be in ht, freed upon exit */   \
+                if (value->refcnt == 0) {                           \
+                    PyMem_Free(value);                              \
+                }                                                   \
+                goto error;                                         \
+            }                                                       \
+            else if (rc == 1) {                                     \
+                value->refcnt++;                                    \
+            }                                                       \
         } while (0)
         Py_HMAC_HINFO_LINK(e->name);
         Py_HMAC_HINFO_LINK(e->hashlib_name);