Looks like code in this check cannot ever be reached:
|
newsession = d2i_SSL_SESSION(NULL, &const_p, slen); |
|
if (session == NULL) { |
|
goto error; |
|
} |
At this point session cannot be NULL, because it is checked right above:
|
if (session == NULL) { |
|
PyErr_SetString(PyExc_ValueError, "Invalid session"); |
|
goto error; |
|
} |
I guess that it was intended to check newsession variable instead.
Docs say: https://www.openssl.org/docs/man1.0.2/man3/d2i_SSL_SESSION.html
d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION object. In case of failure the NULL-pointer is returned and the error message can be retrieved from the error stack.
One more thing that bothers me here is that error is not set. We just return NULL which can theoretically crash the interpeter.
So, my plan is to:
- Check
newsession instead
- Add a
ValueError there
Originally introduced in 99a6570
PR is on its way.
Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.
Author A. Voronin.
Linked PRs
Looks like code in this check cannot ever be reached:
cpython/Modules/_ssl.c
Lines 2824 to 2827 in 2b94a05
At this point
sessioncannot beNULL, because it is checked right above:cpython/Modules/_ssl.c
Lines 2803 to 2806 in 2b94a05
I guess that it was intended to check
newsessionvariable instead.Docs say: https://www.openssl.org/docs/man1.0.2/man3/d2i_SSL_SESSION.html
One more thing that bothers me here is that error is not set. We just return
NULLwhich can theoretically crash the interpeter.So, my plan is to:
newsessioninsteadValueErrorthereOriginally introduced in 99a6570
PR is on its way.
Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.
Author A. Voronin.
Linked PRs
NULLcheck ofd2i_SSL_SESSIONresult in_ssl.c#106832