Looks like code in this check cannot ever be reached:

At this pointsession cannot beNULL, because it is checked right above:

I guess that it was intended to checknewsession variable instead.

Docs say:https://www.openssl.org/docs/man1.0.2/man3/d2i_SSL_SESSION.html

d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION object. In case of failure the NULL-pointer is returned and the error message can be retrieved from the error stack.

One more thing that bothers me here is that error is not set. We just returnNULL which can theoretically crash the interpeter.

So, my plan is to:

1. Checknewsession instead
2. Add aValueError there

Originally introduced in99a6570

PR is on its way.

Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.

Author A. Voronin.

Linked PRs

• gh-106831: FixNULL check ofd2i_SSL_SESSION result in_ssl.c #106832
• [3.12] gh-106831: Fix NULL check of d2i_SSL_SESSION() result in _ssl.c (GH-106832) #106835
• [3.11] gh-106831: Fix NULL check of d2i_SSL_SESSION() result in _ssl.c (GH-106832) #106836