cpython.git - https://github.com/python/cpython.git

diff options

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2022-10-04 17:00:16 (GMT)
committer	GitHub <noreply@github.com>	2022-10-04 17:00:16 (GMT)
commit	d6ef6805b2e60a50a83e73bd2f40fc3a03715b32 (patch)
tree	c97e86d8c6588d175d8a0d26ca2aa600fa6a5c3b /Python/future.c
parent	94dbdbbd403950857913049c7445534d7ec86d39 (diff)
download	cpython-d6ef6805b2e60a50a83e73bd2f40fc3a03715b32.zip cpython-d6ef6805b2e60a50a83e73bd2f40fc3a03715b32.tar.gz cpython-d6ef6805b2e60a50a83e73bd2f40fc3a03715b32.tar.bz2

[3.9] gh-97612: Fix shell injection in get-remote-certificate.py (GH-97613) (GH-97632)

gh-97612: Fix shell injection in get-remote-certificate.py (GH-97613) Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run "openssl" commands. Issue reported and initial fix by Caleb Shortt. Remove the Windows code path to send "quit" on stdin to the "openssl s_client" command: use DEVNULL on all platforms instead. Co-authored-by: Caleb Shortt <caleb@rgauge.com> (cherry picked from commit 83a0f44ffd8b398673ae56c310cf5768d359c341) Co-authored-by: Victor Stinner <vstinner@python.org>

Diffstat (limited to 'Python/future.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: