]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 19b8d90) | patch
bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Tue, 2 Jul 2019 21:22:53 +0000 (14:22 -0700)
committerGitHub <noreply@github.com>
Tue, 2 Jul 2019 21:22:53 +0000 (14:22 -0700)
commit024ea2170b7c1652a62cc7458e736c63d4970eb1
tree6e495b2a4350bb933225d21aad08ae216f33fc50tree | snapshot
parent19b8d903b0dd43dc405c4d6e1c61c3429020545ecommit | diff
bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499)

ssl.match_hostname() no longer accepts IPv4 addresses with additional text
after the address and only quad-dotted notation without trailing
whitespaces. Some inet_aton() implementations ignore whitespace and all data
after whitespace, e.g. '127.0.0.1 whatever'.

Short notations like '127.1' for '127.0.0.1' were already filtered out.

The bug was initially found by Dominik Czarnota and reported by Paul Kehrer.

Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue37463
(cherry picked from commit 477b1b25768945621d466a8b3f0739297a842439)

Co-authored-by: Christian Heimes <christian@python.org>
Lib/ssl.py diff | blob | blame | history
Lib/test/test_ssl.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2019-07-01-08-46-14.bpo-37463.1CHwjE.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git