author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2019-01-15 23:11:52 (GMT)
committer GitHub <noreply@github.com> 2019-01-15 23:11:52 (GMT)
commit 06b15424b0dcacb1c551b2a36e739fffa8d0c595 (patch)
tree 867883000e2eec29503875f28be030b923b93cd8 /Modules
parent 1462234baf7398a6b00c0f51905e26caa17d3c60 (diff)
bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue35746
(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)

Co-authored-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Modules')
-rw-r--r-- Modules/_ssl.c 4
1 files changed, 4 insertions, 0 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index a96c419..19bb120 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1223,6 +1223,10 @@ _get_crl_dp(X509 *certificate) {
STACK_OF(GENERAL_NAME) *gns;
dp = sk_DIST_POINT_value(dps, i);
+ if (dp->distpoint == NULL) {
+ /* Ignore empty DP value, CVE-2019-5010 */
+ continue;
+ }
gns = dp->distpoint->name.fullname;
for (j=0; j < sk_GENERAL_NAME_num(gns); j++) {
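Review bot: The new guard in _get_crl_dp() covers only dp->distpoint == NULL, while the next line still reads dp->distpoint->name.fullname without looking at dp->distpoint->type. In OpenSSL's DIST_POINT_NAME, fullname shares a union with relativename, so a distribution point that uses nameRelativeToCRLIssuer would hand the inner loop a stack of the wrong element type. Consider extending the check so the entry is also skipped unless the type says fullname is the active member (type 0), for example `if (dp->distpoint == NULL || dp->distpoint->type != 0) continue;`. The commit message also names an empty URI as a trigger, but nothing in this hunk addresses that case; please confirm the inner loop over gns already tolerates it, or add the matching guard there. The in-code comment would be easier to trace later if it cited bpo-35746 next to the CVE id.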