author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2019-01-15 23:11:52 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-15 23:11:52 (GMT) |
commit | 06b15424b0dcacb1c551b2a36e739fffa8d0c595 (patch) | |
tree | 867883000e2eec29503875f28be030b923b93cd8 /Lib/test/test_ssl.py | |
parent | 1462234baf7398a6b00c0f51905e26caa17d3c60 (diff) | |
bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result in a segfault.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue35746
(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
Co-authored-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Lib/test/test_ssl.py')
-rw-r--r-- | Lib/test/test_ssl.py | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index e476031..9240184 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -72,6 +72,7 @@ NONEXISTINGCERT = data_file("XXXnonexisting.pem")
 BADKEY = data_file("badkey.pem")
 NOKIACERT = data_file("nokia.pem")
 NULLBYTECERT = data_file("nullbytecert.pem")
+TALOS_INVALID_CRLDP = data_file("talos-2019-0758.pem")
 DHFILE = data_file("ffdh3072.pem")
 BYTES_DHFILE = DHFILE.encode(sys.getfilesystemencoding())
@@ -227,6 +228,27 @@ class BasicSocketTests(unittest.TestCase):
 self.assertEqual(p['crlDistributionPoints'], ('http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl',))
+ def test_parse_cert_CVE_2019_5010(self):
+ p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP)
+ if support.verbose:
+ sys.stdout.write("\n" + pprint.pformat(p) + "\n")
+ self.assertEqual(
+ p,
+ {
+ 'issuer': (
+ (('countryName', 'UK'),), (('commonName', 'cody-ca'),)),
+ 'notAfter': 'Jun 14 18:00:58 2028 GMT',
+ 'notBefore': 'Jun 18 18:00:58 2018 GMT',
+ 'serialNumber': '02',
+ 'subject': ((('countryName', 'UK'),),
+ (('commonName',
+ 'codenomicon-vm-2.test.lal.cisco.com'),)),
+ 'subjectAltName': (
+ ('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),),
+ 'version': 3
+ }
+ )
+
 def test_parse_cert_CVE_2013_4238(self):
 p = ssl._ssl._test_decode_cert(NULLBYTECERT)
 if support.verbose: |
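Review bot: `test_parse_cert_CVE_2019_5010` has no docstring or comment saying what is malformed in the fixture or which part of the assertion is the regression check. Going by the commit message, the point is that a CRL distribution point with an empty DP or URI is decoded without crashing, and the expected dict pins that only implicitly by containing no `crlDistributionPoints` key. I would state it on the test, e.g. `"""bpo-35746: a CRL distribution point with an empty DP or URI must not crash the cert parser."""`, and add `# bpo-35746 / CVE-2019-5010: CRLDP extension with empty DP or URI` above `TALOS_INVALID_CRLDP` in the first hunk. Since `_test_decode_cert` is called in-process, a regression would presumably abort the whole test run with a segfault rather than report a failed assertion, which is worth a word in the same docstring. The fixture file is not part of this view, and the enclosing `BasicSocketTests` class starts outside the hunk.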