From: Nathaniel J. Smith <njs@pobox.com>
Date: Fri, 9 Jun 2017 09:35:16 +0000 (-0700)
Subject: Add a test for bad IDNA in ssl server_hostname (#1997)
X-Git-Tag: v3.7.0a1~660
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=59fdf0f3ba0469f5ee45eee59cc166411fbe0b75;p=thirdparty%2FPython%2Fcpython.git

Add a test for bad IDNA in ssl server_hostname (#1997)

See discussion:
  https://github.com/python/cpython/pull/1992#issuecomment-307024778
---

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 8dcd3b613dd3..fdaf1c52046f 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1393,6 +1393,16 @@ class SSLErrorTests(unittest.TestCase):
                 # For compatibility
                 self.assertEqual(cm.exception.errno, ssl.SSL_ERROR_WANT_READ)
 
+    def test_bad_idna_in_server_hostname(self):
+        # Note: this test is testing some code that probably shouldn't exist
+        # in the first place, so if it starts failing at some point because
+        # you made the ssl module stop doing IDNA decoding then please feel
+        # free to remove it. The test was mainly added because this case used
+        # to cause memory corruption (see bpo-30594).
+        ctx = ssl.create_default_context()
+        with self.assertRaises(UnicodeError):
+            ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
+                         server_hostname="xn--.com")
 
 class MemoryBIOTests(unittest.TestCase):