]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 94dbdbb) | patch
[3.9] gh-97612: Fix shell injection in get-remote-certificate.py (GH-97613) (GH-97632)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Tue, 4 Oct 2022 17:00:16 +0000 (10:00 -0700)
committerGitHub <noreply@github.com>
Tue, 4 Oct 2022 17:00:16 +0000 (10:00 -0700)
commitd6ef6805b2e60a50a83e73bd2f40fc3a03715b32
treec97e86d8c6588d175d8a0d26ca2aa600fa6a5c3btree | snapshot
parent94dbdbbd403950857913049c7445534d7ec86d39commit | diff
[3.9] gh-97612: Fix shell injection in get-remote-certificate.py (GH-97613) (GH-97632)

gh-97612: Fix shell injection in get-remote-certificate.py (GH-97613)

Fix a shell code injection vulnerability in the
get-remote-certificate.py example script. The script no longer uses a
shell to run "openssl" commands. Issue reported and initial fix by
Caleb Shortt.

Remove the Windows code path to send "quit" on stdin to the "openssl
s_client" command: use DEVNULL on all platforms instead.

Co-authored-by: Caleb Shortt <caleb@rgauge.com>
(cherry picked from commit 83a0f44ffd8b398673ae56c310cf5768d359c341)

Co-authored-by: Victor Stinner <vstinner@python.org>
Misc/NEWS.d/next/Security/2022-09-28-12-10-57.gh-issue-97612.y6NvOQ.rst [new file with mode: 0644] blob
Tools/scripts/get-remote-certificate.py diff | blob | blame | history
Mirror of https://github.com/python/cpython.git