[3.7] bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229) (GH-6230)

Harden ssl module against LibreSSL CVE-2018-8970.
X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test
ensures that NULL bytes are not allowed.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit d02ac25ab0)

Co-authored-by: Christian Heimes <christian@python.org>
This commit is contained in:
Miss Islington (bot) 2018-03-25 04:28:20 -07:00 committed by Christian Heimes
parent c6d94c37f4
commit 2dd885eaa0
3 changed files with 10 additions and 3 deletions


@ -1660,6 +1660,9 @@ class SSLErrorTests(unittest.TestCase):
with self.assertRaises(ValueError):
ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
server_hostname=".example.org")
with self.assertRaises(TypeError):
ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
server_hostname="example.org\x00evil.com")
class MemoryBIOTests(unittest.TestCase):
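Review bot: the new assertRaises(TypeError) case for server_hostname="example.org\x00evil.com" carries no comment tying it to bpo-33136 / CVE-2018-8970 or explaining why an embedded NUL is expected to raise TypeError while the ".example.org" case directly above expects ValueError. A one-line comment above the new block would keep the exception type from being "corrected" to ValueError later. The assertion also only goes through ctx.wrap_bio(); a matching case through the socket-wrapping entry point would show the rejection holds on both paths. Finally, the commit message describes the fix as calling X509_VERIFY_PARAM_set1_host() with an explicit namelen, but from these lines it is not clear whether the test reaches that call or whether the hostname is rejected earlier. If it is rejected earlier, the namelen change itself is not covered here and that should be stated in the test or the commit message.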