git.ipfire.org Git - thirdparty/Python/cpython.git/commit

author	Christian Heimes <christian@python.org>
	Tue, 2 Jul 2019 18:39:42 +0000 (20:39 +0200)
committer	Ned Deily <nad@python.org>
	Tue, 2 Jul 2019 18:42:08 +0000 (14:42 -0400)
commit	070fae6d0ff49e63bfd5f2bdc66f8eb1df3b6557
tree	bf94f445c48b472916d502d4f2f06a4994ff7ee8	tree \| snapshot
parent	dcc0eb379613f279864af61023ea44c94aa0535c	commit \| diff

bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499)

ssl.match_hostname() no longer accepts IPv4 addresses with additional text
after the address and only quad-dotted notation without trailing
whitespaces. Some inet_aton() implementations ignore whitespace and all data
after whitespace, e.g. '127.0.0.1 whatever'.

Short notations like '127.1' for '127.0.0.1' were already filtered out.

The bug was initially found by Dominik Czarnota and reported by Paul Kehrer.

Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue37463

Lib/ssl.py		diff \| blob \| blame \| history
Lib/test/test_ssl.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2019-07-01-08-46-14.bpo-37463.1CHwjE.rst	[new file with mode: 0644]	blob