authorChristian Heimes <christian@python.org>2018-03-25 10:36:13 (GMT)
committerGitHub <noreply@github.com>2018-03-25 10:36:13 (GMT)
commitd02ac25ab0879f1a6de6937573bf00a16b7bd22e (patch)
treea0843a85918e73dc71d7279eac60382928c95de7
parente4ce9fa89cb542dced553710b05de85202bc4715 (diff)
bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229)
Harden ssl module against LibreSSL CVE-2018-8970. X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test ensures that NULL bytes are not allowed. Signed-off-by: Christian Heimes <christian@python.org>
-rw-r--r--Lib/test/test_ssl.py3
-rw-r--r--Misc/NEWS.d/next/Security/2018-03-25-12-05-43.bpo-33136.TzSN4x.rst3
-rw-r--r--Modules/_ssl.c7
3 files changed, 10 insertions, 3 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 8d98b80..36580d5 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1660,6 +1660,9 @@ class SSLErrorTests(unittest.TestCase):
with self.assertRaises(ValueError):
ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
server_hostname=".example.org")
+ with self.assertRaises(TypeError):
+ ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
+ server_hostname="example.org\x00evil.com")
class MemoryBIOTests(unittest.TestCase):
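Review bot: The embedded-NUL hostname is asserted only through `ctx.wrap_bio(...)`, while the same commit touches the identical `server_hostname` parsing in `_ssl__SSLContext__wrap_socket_impl`, so a regression on the socket path would pass this test. I would add a sibling case that drives `server_hostname="example.org\x00evil.com"` through the socket entry point and expects the same `TypeError`. That case probably needs a connected socket before the C wrapper runs, which should be confirmed against the rest of the test module. A short comment above the new assertion, such as `# embedded NUL must be rejected, not truncated to "example.org"`, would also record why the case exists. The enclosing test method starts above this hunk, so its setup of `ctx` is not visible here.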
diff --git a/Misc/NEWS.d/next/Security/2018-03-25-12-05-43.bpo-33136.TzSN4x.rst b/Misc/NEWS.d/next/Security/2018-03-25-12-05-43.bpo-33136.TzSN4x.rst
new file mode 100644
index 0000000..c350516
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2018-03-25-12-05-43.bpo-33136.TzSN4x.rst
@@ -0,0 +1,3 @@
+Harden ssl module against LibreSSL CVE-2018-8970.
+X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test
+ensures that NULL bytes are not allowed.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 30c3403..4baabd5 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -852,7 +852,8 @@ _ssl_configure_hostname(PySSLSocket *self, const char* server_hostname)
if (self->ctx->check_hostname) {
X509_VERIFY_PARAM *param = SSL_get0_param(self->ssl);
if (ip == NULL) {
- if (!X509_VERIFY_PARAM_set1_host(param, server_hostname, 0)) {
+ if (!X509_VERIFY_PARAM_set1_host(param, server_hostname,
+ strlen(server_hostname))) {
_setSSLError(NULL, 0, __FILE__, __LINE__);
goto error;
}
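Review bot: `strlen(server_hostname)` only measures up to the first NUL, so this call is safe only if every caller of `_ssl_configure_hostname` has already rejected hostnames with embedded NUL bytes. Nothing in the function says so. The two callers visible later in this diff parse with `PyArg_Parse(hostname_obj, "es", "ascii", &hostname)`, which appears to be where that rejection happens. A future caller that passes a buffer from another source would verify the certificate against the truncated prefix without any error. I would state the precondition at the call, e.g. `/* server_hostname must not contain embedded NUL bytes; callers enforce this when parsing the argument, so strlen() is the full name length. */`. The function body starts and ends outside this hunk, so an existing check earlier in it cannot be ruled out.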
@@ -4025,7 +4026,7 @@ _ssl__SSLContext__wrap_socket_impl(PySSLContext *self, PyObject *sock,
PyObject *res;
/* server_hostname is either None (or absent), or to be encoded
- as IDN A-label (ASCII str). */
+ as IDN A-label (ASCII str) without NULL bytes. */
if (hostname_obj != Py_None) {
if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
return NULL;
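Review bot: The updated comment states that the hostname is "without NULL bytes", but it does not say what enforces that. The lines below it show no explicit check, so the guarantee seems to rest entirely on the `"es"` format unit of `PyArg_Parse` refusing encoded data with embedded NUL bytes. Naming the mechanism would stop a later change of format unit (for example to a length-returning variant) from silently dropping the protection. I would word it as `as IDN A-label (ASCII str); the "es" format rejects embedded NUL bytes, which hostname verification relies on. */`. The same applies to the identical comment in the `_ssl__SSLContext__wrap_bio_impl` hunk that follows. "NUL" is also the conventional name for the byte, as opposed to the `NULL` pointer.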
@@ -4063,7 +4064,7 @@ _ssl__SSLContext__wrap_bio_impl(PySSLContext *self, PySSLMemoryBIO *incoming,
PyObject *res;
/* server_hostname is either None (or absent), or to be encoded
- as IDN A-label (ASCII str). */
+ as IDN A-label (ASCII str) without NULL bytes. */
if (hostname_obj != Py_None) {
if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
return NULL;