Unreachable code in Modules/_ssl.c

[sobolevn]

Looks like code in this check cannot ever be reached:

cpython/Modules/_ssl.c

Lines 2824 to 2827 in 2b94a05

	newsession = d2i_SSL_SESSION(NULL, &const_p, slen);
	if (session == NULL) {
	goto error;
	}

At this point session cannot be NULL, because it is checked right above:

cpython/Modules/_ssl.c

Lines 2803 to 2806 in 2b94a05

	if (session == NULL) {
	PyErr_SetString(PyExc_ValueError, "Invalid session");
	goto error;
	}

I guess that it was intended to check newsession variable instead.

Docs say: https://www.openssl.org/docs/man1.0.2/man3/d2i_SSL_SESSION.html

d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION object. In case of failure the NULL-pointer is returned and the error message can be retrieved from the error stack.

One more thing that bothers me here is that error is not set. We just return NULL which can theoretically crash the interpeter.

So, my plan is to:

1. Check newsession instead
2. Add a ValueError there

Originally introduced in 99a6570

PR is on its way.

Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.

Author A. Voronin.

Linked PRs

• gh-106831: Fix NULL check of d2i_SSL_SESSION result in _ssl.c #106832
• [3.12] gh-106831: Fix NULL check of d2i_SSL_SESSION() result in _ssl.c (GH-106832) #106835
• [3.11] gh-106831: Fix NULL check of d2i_SSL_SESSION() result in _ssl.c (GH-106832) #106836

[vstinner]

I merged your fix, thanks. The backports will land automatically soon.