diff options
author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2018-03-25 04:28:20 -0700 |
---|---|---|
committer | Christian Heimes <christian@python.org> | 2018-03-25 13:28:20 +0200 |
commit | 2dd885eaa0d427e84892673c83d697bca5427c8b (patch) | |
tree | 94b922fbc13526a685da0a443e69b9a00c249a1e /Modules/_ssl.c | |
parent | c6d94c37f4fd863c73fbfbcc918fd23b458b5301 (diff) | |
download | cpython-git-2dd885eaa0d427e84892673c83d697bca5427c8b.tar.gz |
[3.7] bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229) (GH-6230)
Harden ssl module against LibreSSL CVE-2018-8970.
X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test
ensures that NULL bytes are not allowed.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit d02ac25ab0879f1a6de6937573bf00a16b7bd22e)
Co-authored-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Modules/_ssl.c')
-rw-r--r-- | Modules/_ssl.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 30c340376a..4baabd52bc 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -852,7 +852,8 @@ _ssl_configure_hostname(PySSLSocket *self, const char* server_hostname) if (self->ctx->check_hostname) { X509_VERIFY_PARAM *param = SSL_get0_param(self->ssl); if (ip == NULL) { - if (!X509_VERIFY_PARAM_set1_host(param, server_hostname, 0)) { + if (!X509_VERIFY_PARAM_set1_host(param, server_hostname, + strlen(server_hostname))) { _setSSLError(NULL, 0, __FILE__, __LINE__); goto error; } @@ -4025,7 +4026,7 @@ _ssl__SSLContext__wrap_socket_impl(PySSLContext *self, PyObject *sock, PyObject *res; /* server_hostname is either None (or absent), or to be encoded - as IDN A-label (ASCII str). */ + as IDN A-label (ASCII str) without NULL bytes. */ if (hostname_obj != Py_None) { if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname)) return NULL; @@ -4063,7 +4064,7 @@ _ssl__SSLContext__wrap_bio_impl(PySSLContext *self, PySSLMemoryBIO *incoming, PyObject *res; /* server_hostname is either None (or absent), or to be encoded - as IDN A-label (ASCII str). */ + as IDN A-label (ASCII str) without NULL bytes. */ if (hostname_obj != Py_None) { if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname)) return NULL; |