[3.13] pythongh-134100: Fix use-after-free in PyImport_ImportModuleLevelObject (pythonGH-134117) (python#134172)

pythongh-134100: Fix use-after-free in `PyImport_ImportModuleLevelObject` (pythonGH-134117)
(cherry picked from commit 4e9005d)

Co-authored-by: Nico-Posada <102486290+Nico-Posada@users.noreply.github.com>
Signed-off-by: Michał Górny <mgorny@gentoo.org>

Author: 2 people

Lib/test/test_importlib/import_/test_relative_imports.py

@@ -223,6 +223,21 @@ def test_relative_import_no_package_exists_absolute(self):
             self.__import__('sys', {'__package__': '', '__spec__': None},
                             level=1)
 
+    def test_malicious_relative_import(self):
+        # https://github.com/python/cpython/issues/134100
+        # Test to make sure UAF bug with error msg doesn't come back to life
+        import sys
+        loooong = "".ljust(0x23000, "b")
+        name = f"a.{loooong}.c"
+
+        with util.uncache(name):
+            sys.modules[name] = {}
+            with self.assertRaisesRegex(
+                KeyError,
+                r"'a\.b+' not in sys\.modules as expected"
+            ):
+                __import__(f"{loooong}.c", {"__package__": "a"}, level=1)
+
 
 (Frozen_RelativeImports,
  Source_RelativeImports

Python/import.c

@@ -1922,15 +1922,17 @@ PyImport_ImportModuleLevelObject(PyObject *name, PyObject *globals,
                 }
 
                 final_mod = import_get_module(tstate, to_return);
-                Py_DECREF(to_return);
                 if (final_mod == NULL) {
                     if (!_PyErr_Occurred(tstate)) {
                         _PyErr_Format(tstate, PyExc_KeyError,
                                       "%R not in sys.modules as expected",
                                       to_return);
                     }
+                    Py_DECREF(to_return);
                     goto error;
                 }
+
+                Py_DECREF(to_return);
             }
         }
         else {