mirror of
https://github.com/python/cpython.git
synced 2025-12-23 09:19:18 +00:00
gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw

Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data.

The vulnerability is caused when a socket is connected, data is sent by the malicious peer and stored in a buffer, and then the malicious peer closes the socket within a small timing window before the other peers’ TLS handshake can begin. After this sequence of events the closed socket will not immediately attempt a TLS handshake due to not being connected but will also allow the buffered data to be read as if a successful TLS handshake had occurred.

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>

| Name |
|---|
| NEWS.d |
| rhel7 |
| ACKS |
| coverity_model.c |
| gdbinit |
| HISTORY |
| indent.pro |
| Porting |
| python-config.in |
| python-config.sh.in |
| python-embed.pc.in |
| python.man |
| python.pc.in |
| README |
| README.AIX |
| README.coverity |
| README.valgrind |
| requirements-test.txt |
| SpecialBuilds.txt |
| stable_abi.toml |
| svnmap.txt |
| valgrind-python.supp |
| vgrindefs |

Python Misc subdirectory
========================

This directory contains files that wouldn't fit in elsewhere. Some
documents are only of historic importance.

Files found here
----------------

ACKS                  Acknowledgements
gdbinit               Handy stuff to put in your .gdbinit file, if you use gdb
HISTORY               News from previous releases -- oldest last
indent.pro            GNU indent profile approximating my C style
NEWS                  News for this release (for some meaning of "this")
Porting               Mini-FAQ on porting to new platforms
python-config.in      Python script template for python-config
python.man            UNIX man page for the python interpreter
python.pc.in          Package configuration info template for pkg-config
README                The file you're reading now
README.AIX            Information about using Python on AIX
README.coverity       Information about running Coverity's Prevent on Python
README.valgrind       Information for Valgrind users, see valgrind-python.supp
SpecialBuilds.txt     Describes extra symbols you can set for debug builds
svnmap.txt            Map of old SVN revs and branches to hg changeset ids,
                      help history-digging
valgrind-python.supp  Valgrind suppression file, see README.valgrind
vgrindefs             Python configuration for vgrind (a generic pretty printer)