git.ipfire.org Git - thirdparty/Python/cpython.git/commit
bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11868)
author Victor Stinner <vstinner@redhat.com>
Mon, 25 Feb 2019 21:28:36 +0000 (22:28 +0100)
committer larryhastings <larry@hastings.org>
Mon, 25 Feb 2019 21:28:36 +0000 (13:28 -0800)
commit 6c655ce34ae54adb8eef22b73108e22cc381cb8d
tree 38f1d4b0beaa4c36f14d839bd8484e9bd489c6aa
parent d16eaf36795da48b930b80b20d3805bc27820712

Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result in a segfault.

Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas
Edet of Cisco.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
Lib/test/talos-2019-0758.pem [new file with mode: 0644]
Lib/test/test_ssl.py
Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst [new file with mode: 0644]
Modules/_ssl.c
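
The guard pattern the commit message describes, modelled as an added example; it is not the code from Modules/_ssl.c and does not use OpenSSL. The struct and function names are hypothetical stand-ins for a decoded CRL distribution points extension, and reading "empty DP or URI" as an absent name field or an absent URI string is an assumption.

```c
#include <stddef.h>

/* Simplified stand-ins (assumptions) for a decoded CRLDistributionPoints
 * extension. In RFC 5280 the distributionPoint field is OPTIONAL, so a
 * decoder can legitimately hand back entries where it is absent. */
enum name_kind { NAME_URI, NAME_OTHER };

struct general_name { enum name_kind kind; const char *uri; };

struct dist_point_name {
    int is_fullname;                    /* 0: name relative to the issuer */
    const struct general_name *names;   /* valid only when is_fullname */
    size_t n_names;
};

struct dist_point {
    const struct dist_point_name *name; /* NULL when the field is absent */
};

/* Copy up to max URI pointers into out; return how many were stored.
 * Entries without a name, without a full name, or without a URI string
 * are skipped rather than dereferenced. */
size_t collect_crl_uris(const struct dist_point *dps, size_t n_dps,
                        const char **out, size_t max)
{
    size_t found = 0;
    if (dps == NULL || out == NULL)
        return 0;
    for (size_t i = 0; i < n_dps; i++) {
        const struct dist_point_name *dpn = dps[i].name;
        if (dpn == NULL)                 /* empty DP: nothing to read */
            continue;
        if (!dpn->is_fullname || dpn->names == NULL)
            continue;                    /* relative name: no URI list */
        for (size_t j = 0; j < dpn->n_names; j++) {
            const struct general_name *gn = &dpn->names[j];
            if (gn->kind != NAME_URI || gn->uri == NULL)
                continue;                /* non-URI or empty URI */
            if (found < max)
                out[found++] = gn->uri;
        }
    }
    return found;
}
```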