mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-12-23 09:19:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
cpython/Misc
History
Łukasz Langa 37d7180cb6
[3.10] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw (#108318) 
gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw

Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake
and included protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.

The vulnerability is caused when a socket is connected, data is sent by the
malicious peer and stored in a buffer, and then the malicious peer closes the
socket within a small timing window before the other peers’ TLS handshake can
begin. After this sequence of events the closed socket will not immediately
attempt a TLS handshake due to not being connected but will also allow the
buffered data to be read as if a successful TLS handshake had occurred.

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
2023-08-22 19:53:23 +02:00
..
NEWS.d [3.10] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw (#108318) 2023-08-22 19:53:23 +02:00
ACKS gh-94440: Fix issue of ProcessPoolExecutor shutdown hanging (GH-94468) 2023-03-15 22:08:11 -07:00
coverity_model.c
gdbinit
HISTORY gh-97519: Synchronize links in other copies of HISTORY OF THE SOFTWARE (GH-97520) 2022-09-25 02:04:59 -07:00
indent.pro
Porting
python-config.in
python-config.sh.in
python-embed.pc.in
python-wing3.wpr
python-wing4.wpr
python-wing5.wpr
python.man [3.10] gh-95778: add doc missing in some places (GH-100627). (#101065) 2023-01-21 10:10:57 +01:00
python.pc.in
README
README.AIX
README.coverity
README.valgrind
requirements-test.txt
SpecialBuilds.txt
stable_abi.txt gh-91271: Document which parts of structs are in limited API/stable ABI (GH-32196) (GH-95711) 2022-08-05 17:30:51 +02:00
svnmap.txt
valgrind-python.supp
vgrindefs

README 

Python Misc subdirectory
========================

This directory contains files that wouldn't fit in elsewhere.  Some
documents are only of historic importance.

Files found here
----------------

ACKS                    Acknowledgements
gdbinit                 Handy stuff to put in your .gdbinit file, if you use gdb
HISTORY                 News from previous releases -- oldest last
indent.pro              GNU indent profile approximating my C style
NEWS                    News for this release (for some meaning of "this")
Porting                 Mini-FAQ on porting to new platforms
python-config.in        Python script template for python-config
python.man              UNIX man page for the python interpreter
python.pc.in            Package configuration info template for pkg-config
python-wing*.wpr        Wing IDE project file
README                  The file you're reading now
README.AIX              Information about using Python on AIX
README.coverity         Information about running Coverity's Prevent on Python
README.valgrind         Information for Valgrind users, see valgrind-python.supp
SpecialBuilds.txt       Describes extra symbols you can set for debug builds
svnmap.txt              Map of old SVN revs and branches to hg changeset ids,
                        help history-digging
valgrind-python.supp    Valgrind suppression file, see README.valgrind
vgrindefs               Python configuration for vgrind (a generic pretty printer)