author | Christian Heimes <christian@python.org> | 2016-09-06 21:25:35 (GMT) |
---|---|---|
committer | Christian Heimes <christian@python.org> | 2016-09-06 21:25:35 (GMT) |
commit | 1c03abd0262f658fc420d3bef6118e49044b9d8b (patch) | |
tree | c6abd1260aec6e3b6e02054455fc5f2138724ee8 /Modules | |
parent | 03d13c0cbfe912eb0f9b9a02987b9e569f25fe19 (diff) | |
Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs.
Diffstat (limited to 'Modules')
-rw-r--r-- | Modules/_ssl.c | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index b2838ed..a79c3a8 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -1007,6 +1007,35 @@ _get_peer_alt_names (X509 *certificate) { PyTuple_SET_ITEM(t, 1, v); break; + case GEN_RID: + t = PyTuple_New(2); + if (t == NULL) + goto fail; + + v = PyUnicode_FromString("Registered ID"); + if (v == NULL) { + Py_DECREF(t); + goto fail; + } + PyTuple_SET_ITEM(t, 0, v); + + len = i2t_ASN1_OBJECT(buf, sizeof(buf)-1, name->d.rid); + if (len < 0) { + Py_DECREF(t); + _setSSLError(NULL, 0, __FILE__, __LINE__); + goto fail; + } else if (len >= (int)sizeof(buf)) { + v = PyUnicode_FromString("<INVALID>"); + } else { + v = PyUnicode_FromStringAndSize(buf, len); + } + if (v == NULL) { + Py_DECREF(t); + goto fail; + } + PyTuple_SET_ITEM(t, 1, v); + break; + default: /* for everything else, we use the OpenSSL print form */ switch (gntype) { @@ -1033,8 +1062,12 @@ _get_peer_alt_names (X509 *certificate) { goto fail; } vptr = strchr(buf, ':'); - if (vptr == NULL) + if (vptr == NULL) { + PyErr_Format(PyExc_ValueError, + "Invalid value %.200s", + buf); goto fail; + } t = PyTuple_New(2); if (t == NULL) goto fail; |
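Review bot: In the `case GEN_RID:` hunk the truncation test compares `len` with `sizeof(buf)`, but the call passes `sizeof(buf)-1` as the buffer length, so the two limits disagree by one. If `i2t_ASN1_OBJECT` reports the untruncated length the way `OBJ_obj2txt` does, a result of exactly `sizeof(buf)-1` was truncated yet still takes the `PyUnicode_FromStringAndSize(buf, len)` branch, returning a shortened OID that ends in the NUL terminator instead of `<INVALID>`. Testing against the size actually passed closes the gap: `} else if (len >= (int)sizeof(buf) - 1) {`. The declaration of `buf` and the rest of `_get_peer_alt_names` are outside the hunk, so the buffer's real size could not be checked here.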
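Review bot: In the second hunk the new `PyErr_Format(PyExc_ValueError, "Invalid value %.200s", buf)` message does not say what was invalid, so a caller who sees the ValueError cannot tell that it came from a subject alternative name entry lacking a `:` separator. Naming the source, for example `"Invalid subjectAltName entry %.200s"`, would make the failure diagnosable. A short comment such as `/* buf is text derived from the peer certificate; keep the %.200s bound */` would record why the precision is there. That `buf` holds peer-derived text is inferred from the function name and the context lines; the code that fills it is outside the hunk.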