gh-145301: Fix double-free in hmac module initialization

krylosov-aa · krylosov-aa · commit d791cd9f8339 · 2026-02-28T01:02:10.000+03:00
diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
@@ -16,16 +16,16 @@
 import sys
 import sysconfig
 import tempfile
+import textwrap
 import threading
 import unittest
-import subprocess
-import textwrap
 from test import support
 from test.support import _4G, bigmemtest
 from test.support import hashlib_helper
-from test.support.import_helper import import_fresh_module
+from test.support import import_helper
 from test.support import requires_resource
 from test.support import threading_helper
+from test.support.script_helper import assert_python_ok
 from http.client import HTTPException
 
 
@@ -39,7 +39,7 @@
     builtin_hashes = set(map(str.strip, builtin_hash_names))
 
 # Public 'hashlib' module with OpenSSL backend for PBKDF2.
-openssl_hashlib = import_fresh_module('hashlib', fresh=['_hashlib'])
+openssl_hashlib = import_helper.import_fresh_module('hashlib', fresh=['_hashlib'])
 
 try:
     import _hashlib
@@ -68,6 +68,7 @@ def get_fips_mode():
 
 requires_sha3 = unittest.skipUnless(_sha3, 'requires _sha3')
 
+_testcapi = import_helper.import_module('_testcapi')
 
 def hexstr(s):
     assert isinstance(s, bytes), repr(s)
@@ -1204,23 +1205,13 @@ def test_readonly_types(self):
                         hash_type.value = False
 
     @unittest.skipUnless(HASH is not None, 'need _hashlib')
+    @unittest.skipUnless(hasattr(_testcapi, 'set_nomemory'),
+                         'need _testcapi.set_nomemory()')
     def test_hashlib_init_memory_error_no_df(self):
         """gh-145301 regression test."""
-
-        try:
-            import _testcapi
-            if not hasattr(_testcapi, 'set_nomemory'):
-                self.skipTest('requires _testcapi.set_nomemory')
-        except ImportError:
-            self.skipTest('requires _testcapi')
-
         code = textwrap.dedent("""
             import sys
             import _testcapi
-
-            if '_hashlib' in sys.modules:
-                del sys.modules['_hashlib']
-
             _testcapi.set_nomemory(40, 41)
             try:
                 import _hashlib
@@ -1229,16 +1220,7 @@ def test_hashlib_init_memory_error_no_df(self):
             finally:
                 _testcapi.remove_mem_hooks()
         """)
-
-        rc = subprocess.call(
-            [sys.executable, '-c', code],
-            stdout=subprocess.DEVNULL,
-            stderr=subprocess.DEVNULL,
-        )
-        # rc < 0 means crash (signal on Unix), which indicates double-free
-        # rc >= 0 means normal exit (even with MemoryError), which is expected
-        self.assertGreaterEqual(rc, 0,
-                                "Process crashed - Loss double-free in _hashlib")
+        assert_python_ok('-c', code)
 
 
 class KDFTests(unittest.TestCase):
diff --git a/Misc/NEWS.d/next/Library/2026-02-27-19-00-26.gh-issue-145301.2Wih4b.rst b/Misc/NEWS.d/next/Library/2026-02-27-19-00-26.gh-issue-145301.2Wih4b.rst
@@ -1 +1,2 @@
-Fix a crash when :mod:`hashlib` or :mod:`hmac` C extension module initialization fails.
+:mod:`hashlib`: fix a crash when the initialization of the underlying C
+extension module fails.
diff --git a/Misc/NEWS.d/next/Library/2026-02-28-00-55-00.gh-issue-145301.Lk2bRl.rst b/Misc/NEWS.d/next/Library/2026-02-28-00-55-00.gh-issue-145301.Lk2bRl.rst
@@ -0,0 +1,2 @@
+:mod:`hmac`: fix a crash when the initialization of the underlying C
+extension module fails.
diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c
@@ -1453,20 +1453,19 @@ py_hmac_hinfo_ht_new(void)
         assert(value->display_name == NULL);
         value->refcnt = 0;
 
-#define Py_HMAC_HINFO_LINK(KEY)                                 \
-        do {                                                    \
-            int rc = py_hmac_hinfo_ht_add(table, KEY, value);   \
-            if (rc < 0) {                                       \
-                /* entry may already be in ht, will be freed by \
-                _Py_hashtable_destroy() */                      \
-                if (value->refcnt == 0) {                       \
-                    PyMem_Free(value);                          \
-                }                                               \
-                goto error;                                     \
-            }                                                   \
-            else if (rc == 1) {                                 \
-                value->refcnt++;                                \
-            }                                                   \
+#define Py_HMAC_HINFO_LINK(KEY)                                    \
+        do {                                                       \
+            int rc = py_hmac_hinfo_ht_add(table, KEY, value);      \
+            if (rc < 0) {                                          \
+                /* entry may already be in ht, freed upon exit */  \
+                if (value->refcnt == 0) {                          \
+                    PyMem_Free(value);                             \
+                }                                                  \
+                goto error;                                        \
+            }                                                      \
+            else if (rc == 1) {                                    \
+                value->refcnt++;                                   \
+            }                                                      \
         } while (0)
         Py_HMAC_HINFO_LINK(e->name);
         Py_HMAC_HINFO_LINK(e->hashlib_name);

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`		-Fix a crash when :mod:`hashlib` or :mod:`hmac` C extension module initialization fails.
	`1`	+:mod:`hashlib`: fix a crash when the initialization of the underlying C
	`2`	`+extension module fails.`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+:mod:`hmac`: fix a crash when the initialization of the underlying C
	`2`	`+extension module fails.`