Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes

inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for rfc822Name (email), dNSName (DNS) and uniformResourceIdentifier (URI).
author: Christian Heimes <christian@cheimes.de> 2013-08-16 22:54:47 (GMT)
committer: Christian Heimes <christian@cheimes.de> 2013-08-16 22:54:47 (GMT)
commit: 824f7f366d1b54d2d3100c3130c04cf1dfb4b47c (patch)
tree: 7ad3483f5c37f77f2d0aa79772c0d07e2c5394dd /Misc
parent: 29c3fc5d8f9e14e10783ab0ecc1bd15e1144cd07 (diff)
download: cpython-824f7f366d1b54d2d3100c3130c04cf1dfb4b47c.zip
cpython-824f7f366d1b54d2d3100c3130c04cf1dfb4b47c.tar.gz
cpython-824f7f366d1b54d2d3100c3130c04cf1dfb4b47c.tar.bz2
1 files changed, 6 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 0dd2d10..720eab3 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -66,6 +66,12 @@ Core and Builtins
 Library
 -------
 
+- Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
+  inside subjectAltName correctly. Formerly the module has used OpenSSL's
+  GENERAL_NAME_print() function to get the string represention of ASN.1
+  strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
+  ``uniformResourceIdentifier`` (URI).
+
 - Issue #18405: Improve the entropy of crypt.mksalt().
 
 - Issue #18676: Change 'positive' to 'non-negative' in queue.py put and get
author	Christian Heimes <christian@cheimes.de>	2013-08-16 22:54:47 (GMT)
committer	Christian Heimes <christian@cheimes.de>	2013-08-16 22:54:47 (GMT)
commit	824f7f366d1b54d2d3100c3130c04cf1dfb4b47c (patch)
tree	7ad3483f5c37f77f2d0aa79772c0d07e2c5394dd /Misc
parent	29c3fc5d8f9e14e10783ab0ecc1bd15e1144cd07 (diff)
download	cpython-824f7f366d1b54d2d3100c3130c04cf1dfb4b47c.zip cpython-824f7f366d1b54d2d3100c3130c04cf1dfb4b47c.tar.gz cpython-824f7f366d1b54d2d3100c3130c04cf1dfb4b47c.tar.bz2