potential double free in Modules/_randommodule.c line 295 and line 317 #80172

wjq-security · 2019-02-14T06:09:55Z

BPO	35991
Nosy	@rhettinger, @mdickinson, @benjaminp, @ZackerySpytz, @miss-islington, @tirkarthi
PRs	bpo-35991: Fix a potential double free in Modules/_randommodule.c #11849 [3.7] closes bpo-35991: Fix a potential double free in Modules/_randommodule.c. (GH-11849) #11851

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2019-02-14.07:43:21.127>
created_at = <Date 2019-02-14.06:09:55.268>
labels = ['type-security', 'extension-modules', '3.7', '3.8']
title = 'potential double free in Modules/_randommodule.c line 295 and line 317'
updated_at = <Date 2019-02-14.09:27:13.925>
user = 'https://bugs.python.org/wjq-security'

bugs.python.org fields:

activity = <Date 2019-02-14.09:27:13.925>
actor = 'ZackerySpytz'
assignee = 'none'
closed = True
closed_date = <Date 2019-02-14.07:43:21.127>
closer = 'benjamin.peterson'
components = ['Extension Modules']
creation = <Date 2019-02-14.06:09:55.268>
creator = 'wjq-security'
dependencies = []
files = []
hgrepos = []
issue_num = 35991
keywords = ['patch']
message_count = 4.0
messages = ['335498', '335499', '335506', '335507']
nosy_count = 7.0
nosy_names = ['rhettinger', 'mark.dickinson', 'benjamin.peterson', 'ZackerySpytz', 'miss-islington', 'xtreak', 'wjq-security']
pr_nums = ['11849', '11851']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue35991'
versions = ['Python 3.7', 'Python 3.8']

tirkarthi · 2019-02-14T06:20:45Z

Though random module doesn't receive frequent changes can you please add the relevant lines in the description or the relevant commit with the corresponding line number in the report with a description.

On master with commit [0] line 295 calls PyMem_Free(key); and then calls goto Done where PyMem_Free(key); is again executed which I assume is the report.

[0]

cpython/Modules/_randommodule.c

Line 295 in d73ac0e

PyMem_Free(key);

wjq-security · 2019-02-14T06:35:33Z

line 295 calls PyMem_Free(key),then "key" was freed again in line 317 which causes the bug.

benjaminp · 2019-02-14T07:43:21Z

New changeset bb3c05d by Benjamin Peterson (Zackery Spytz) in branch 'master':
closes bpo-35991: Fix a potential double free in Modules/_randommodule.c. (GH-11849)
bb3c05d

miss-islington · 2019-02-14T08:02:15Z

New changeset e208935 by Miss Islington (bot) in branch '3.7':
closes bpo-35991: Fix a potential double free in Modules/_randommodule.c. (GH-11849)
e208935

wjq-security mannequin added the type-security A security issue label Feb 14, 2019

benjaminp closed this as completed Feb 14, 2019

ZackerySpytz mannequin added extension-modules C modules in the Modules dir 3.7 (EOL) end of life 3.8 (EOL) end of life labels Feb 14, 2019

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

potential double free in Modules/_randommodule.c line 295 and line 317 #80172

potential double free in Modules/_randommodule.c line 295 and line 317 #80172

wjq-security mannequin commented Feb 14, 2019

tirkarthi commented Feb 14, 2019

wjq-security mannequin commented Feb 14, 2019

benjaminp commented Feb 14, 2019

miss-islington commented Feb 14, 2019

potential double free in Modules/_randommodule.c line 295 and line 317 #80172

potential double free in Modules/_randommodule.c line 295 and line 317 #80172

Comments

wjq-security mannequin commented Feb 14, 2019

tirkarthi commented Feb 14, 2019

wjq-security mannequin commented Feb 14, 2019

benjaminp commented Feb 14, 2019

miss-islington commented Feb 14, 2019