authorChristian Heimes <christian@python.org>2016-09-06 21:27:06 (GMT)
committerChristian Heimes <christian@python.org>2016-09-06 21:27:06 (GMT)
commitfe3c9c1ee9d59f0b1d174210132e71037fd7f2e8 (patch)
tree850214f33ff477feeac47de3990ae6c11dd7f37b /Modules
parent87bf0febcb59a389eb62bcb467b7ec9c4974be49 (diff)
parent1c03abd0262f658fc420d3bef6118e49044b9d8b (diff)
Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs.
Diffstat (limited to 'Modules')
-rw-r--r--Modules/_ssl.c35
1 files changed, 34 insertions, 1 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index dcfa95a..b4fac44 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1007,6 +1007,35 @@ _get_peer_alt_names (X509 *certificate) {
PyTuple_SET_ITEM(t, 1, v);
break;
+ case GEN_RID:
+ t = PyTuple_New(2);
+ if (t == NULL)
+ goto fail;
+
+ v = PyUnicode_FromString("Registered ID");
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 0, v);
+
+ len = i2t_ASN1_OBJECT(buf, sizeof(buf)-1, name->d.rid);
+ if (len < 0) {
+ Py_DECREF(t);
+ _setSSLError(NULL, 0, __FILE__, __LINE__);
+ goto fail;
+ } else if (len >= (int)sizeof(buf)) {
+ v = PyUnicode_FromString("<INVALID>");
+ } else {
+ v = PyUnicode_FromStringAndSize(buf, len);
+ }
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 1, v);
+ break;
+
default:
/* for everything else, we use the OpenSSL print form */
switch (gntype) {
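Review bot: The truncation test in the new `GEN_RID` case looks off by one relative to the size passed to `i2t_ASN1_OBJECT`. The call is given `sizeof(buf)-1` as the buffer length, but `<INVALID>` is only substituted when `len >= (int)sizeof(buf)`, so a return of exactly `sizeof(buf)-1` appears to fall through to `PyUnicode_FromStringAndSize(buf, len)` with output that was already cut short, and the resulting string would end in the terminating NUL. If the return value is the full text length, as with `OBJ_obj2txt`, comparing against the same bound closes the gap: `} else if (len >= (int)sizeof(buf) - 1) {`. The declaration of `buf` and the rest of `_get_peer_alt_names` are outside this hunk, so the buffer size itself should be confirmed there.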
@@ -1033,8 +1062,12 @@ _get_peer_alt_names (X509 *certificate) {
goto fail;
}
vptr = strchr(buf, ':');
- if (vptr == NULL)
+ if (vptr == NULL) {
+ PyErr_Format(PyExc_ValueError,
+ "Invalid value %.200s",
+ buf);
goto fail;
+ }
t = PyTuple_New(2);
if (t == NULL)
goto fail;
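Review bot: The new `ValueError` text `"Invalid value %.200s"` does not say what was being parsed, so a caller handling the exception cannot tell that it came from a subjectAltName entry lacking the expected `:` separator. A message such as `"Invalid subjectAltName value %.200s"`, plus a comment like `/* OpenSSL print form is expected to be "type:value" */` above the `strchr` call, would make the failure self-explanatory. `buf` appears to hold text derived from the peer's certificate (how it is filled is outside this hunk), so the exception message carries remote-controlled bytes. The `%.200s` bound is worth keeping, and code that logs or displays the message should treat it as untrusted input.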