traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[3.7] bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229) (GH-6230) 

Harden ssl module against LibreSSL CVE-2018-8970.
X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test
ensures that NULL bytes are not allowed.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit d02ac25ab0)

Co-authored-by: Christian Heimes <christian@python.org>
This commit is contained in:
Miss Islington (bot) 2018-03-25 04:28:20 -07:00 committed by Christian Heimes
parent c6d94c37f4
commit 2dd885eaa0
3 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Lib/test/test_ssl.py
View File

@ -1660,6 +1660,9 @@ class SSLErrorTests(unittest.TestCase):
with self.assertRaises(ValueError): with self.assertRaises(ValueError):
ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(), ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
server_hostname=".example.org") server_hostname=".example.org")
with self.assertRaises(TypeError):
ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
server_hostname="example.org\x00evil.com")
class MemoryBIOTests(unittest.TestCase): class MemoryBIOTests(unittest.TestCase):

3
Misc/NEWS.d/next/Security/2018-03-25-12-05-43.bpo-33136.TzSN4x.rst Normal file
View File

@ -0,0 +1,3 @@
Harden ssl module against LibreSSL CVE-2018-8970.
X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test
ensures that NULL bytes are not allowed.

7
Modules/_ssl.c
View File

@ -852,7 +852,8 @@ _ssl_configure_hostname(PySSLSocket *self, const char* server_hostname)
if (self->ctx->check_hostname) { if (self->ctx->check_hostname) {
X509_VERIFY_PARAM *param = SSL_get0_param(self->ssl); X509_VERIFY_PARAM *param = SSL_get0_param(self->ssl);
if (ip == NULL) { if (ip == NULL) {
if (!X509_VERIFY_PARAM_set1_host(param, server_hostname, 0)) { if (!X509_VERIFY_PARAM_set1_host(param, server_hostname,
strlen(server_hostname))) {
_setSSLError(NULL, 0, __FILE__, __LINE__); _setSSLError(NULL, 0, __FILE__, __LINE__);
goto error; goto error;
} }
@ -4025,7 +4026,7 @@ _ssl__SSLContext__wrap_socket_impl(PySSLContext *self, PyObject *sock,
PyObject *res; PyObject *res;
/* server_hostname is either None (or absent), or to be encoded /* server_hostname is either None (or absent), or to be encoded
as IDN A-label (ASCII str). */ as IDN A-label (ASCII str) without NULL bytes. */
if (hostname_obj != Py_None) { if (hostname_obj != Py_None) {
if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname)) if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
return NULL; return NULL;
@ -4063,7 +4064,7 @@ _ssl__SSLContext__wrap_bio_impl(PySSLContext *self, PySSLMemoryBIO *incoming,
PyObject *res; PyObject *res;
/* server_hostname is either None (or absent), or to be encoded /* server_hostname is either None (or absent), or to be encoded
as IDN A-label (ASCII str). */ as IDN A-label (ASCII str) without NULL bytes. */
if (hostname_obj != Py_None) { if (hostname_obj != Py_None) {
if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname)) if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
return NULL; return NULL;