bpo-35746: Fix segfault in ssl's cert parser (GH-11569)

Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue35746
author: Christian Heimes <christian@python.org> 2019-01-15 22:47:42 (GMT)
committer: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2019-01-15 22:47:42 (GMT)
commit: a37f52436f9aa4b9292878b72f3ff1480e2606c3 (patch)
tree: 241263055db201418a7288a883eefd783ff59364 /Misc
parent: c9f872b0bdce5888f1879fa74e098bf4a05430c5 (diff)
download: cpython-a37f52436f9aa4b9292878b72f3ff1480e2606c3.zip
cpython-a37f52436f9aa4b9292878b72f3ff1480e2606c3.tar.gz
cpython-a37f52436f9aa4b9292878b72f3ff1480e2606c3.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
new file mode 100644
index 0000000..dffe347
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
@@ -0,0 +1,3 @@
+[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
+not handle CRL distribution points with empty DP or URI correctly. A
+malicious or buggy certificate can result into segfault.
author	Christian Heimes <christian@python.org>	2019-01-15 22:47:42 (GMT)
committer	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2019-01-15 22:47:42 (GMT)
commit	a37f52436f9aa4b9292878b72f3ff1480e2606c3 (patch)
tree	241263055db201418a7288a883eefd783ff59364 /Misc
parent	c9f872b0bdce5888f1879fa74e098bf4a05430c5 (diff)
download	cpython-a37f52436f9aa4b9292878b72f3ff1480e2606c3.zip cpython-a37f52436f9aa4b9292878b72f3ff1480e2606c3.tar.gz cpython-a37f52436f9aa4b9292878b72f3ff1480e2606c3.tar.bz2