bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229)
Harden ssl module against LibreSSL CVE-2018-8970. X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test ensures that NULL bytes are not allowed. Signed-off-by: Christian Heimes <christian@python.org>
This commit is contained in:
parent
e4ce9fa89c
commit
d02ac25ab0
|
@ -1660,6 +1660,9 @@ class SSLErrorTests(unittest.TestCase):
|
||||||
with self.assertRaises(ValueError):
|
with self.assertRaises(ValueError):
|
||||||
ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
|
ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
|
||||||
server_hostname=".example.org")
|
server_hostname=".example.org")
|
||||||
|
with self.assertRaises(TypeError):
|
||||||
|
ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
|
||||||
|
server_hostname="example.org\x00evil.com")
|
||||||
|
|
||||||
|
|
||||||
class MemoryBIOTests(unittest.TestCase):
|
class MemoryBIOTests(unittest.TestCase):
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
Harden ssl module against LibreSSL CVE-2018-8970.
|
||||||
|
X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test
|
||||||
|
ensures that NULL bytes are not allowed.
|
|
@ -852,7 +852,8 @@ _ssl_configure_hostname(PySSLSocket *self, const char* server_hostname)
|
||||||
if (self->ctx->check_hostname) {
|
if (self->ctx->check_hostname) {
|
||||||
X509_VERIFY_PARAM *param = SSL_get0_param(self->ssl);
|
X509_VERIFY_PARAM *param = SSL_get0_param(self->ssl);
|
||||||
if (ip == NULL) {
|
if (ip == NULL) {
|
||||||
if (!X509_VERIFY_PARAM_set1_host(param, server_hostname, 0)) {
|
if (!X509_VERIFY_PARAM_set1_host(param, server_hostname,
|
||||||
|
strlen(server_hostname))) {
|
||||||
_setSSLError(NULL, 0, __FILE__, __LINE__);
|
_setSSLError(NULL, 0, __FILE__, __LINE__);
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
@ -4025,7 +4026,7 @@ _ssl__SSLContext__wrap_socket_impl(PySSLContext *self, PyObject *sock,
|
||||||
PyObject *res;
|
PyObject *res;
|
||||||
|
|
||||||
/* server_hostname is either None (or absent), or to be encoded
|
/* server_hostname is either None (or absent), or to be encoded
|
||||||
as IDN A-label (ASCII str). */
|
as IDN A-label (ASCII str) without NULL bytes. */
|
||||||
if (hostname_obj != Py_None) {
|
if (hostname_obj != Py_None) {
|
||||||
if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
|
if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -4063,7 +4064,7 @@ _ssl__SSLContext__wrap_bio_impl(PySSLContext *self, PySSLMemoryBIO *incoming,
|
||||||
PyObject *res;
|
PyObject *res;
|
||||||
|
|
||||||
/* server_hostname is either None (or absent), or to be encoded
|
/* server_hostname is either None (or absent), or to be encoded
|
||||||
as IDN A-label (ASCII str). */
|
as IDN A-label (ASCII str) without NULL bytes. */
|
||||||
if (hostname_obj != Py_None) {
|
if (hostname_obj != Py_None) {
|
||||||
if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
|
if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
Loading…
Reference in New Issue