summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Lib/test/test_ssl.py3
-rw-r--r--Misc/NEWS.d/next/Security/2018-03-25-12-05-43.bpo-33136.TzSN4x.rst3
-rw-r--r--Modules/_ssl.c7
3 files changed, 10 insertions, 3 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 8d98b80..36580d5 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1660,6 +1660,9 @@ class SSLErrorTests(unittest.TestCase):
with self.assertRaises(ValueError):
ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
server_hostname=".example.org")
+ with self.assertRaises(TypeError):
+ ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
+ server_hostname="example.org\x00evil.com")
class MemoryBIOTests(unittest.TestCase):
diff --git a/Misc/NEWS.d/next/Security/2018-03-25-12-05-43.bpo-33136.TzSN4x.rst b/Misc/NEWS.d/next/Security/2018-03-25-12-05-43.bpo-33136.TzSN4x.rst
new file mode 100644
index 0000000..c350516
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2018-03-25-12-05-43.bpo-33136.TzSN4x.rst
@@ -0,0 +1,3 @@
+Harden ssl module against LibreSSL CVE-2018-8970.
+X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test
+ensures that NULL bytes are not allowed.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 30c3403..4baabd5 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -852,7 +852,8 @@ _ssl_configure_hostname(PySSLSocket *self, const char* server_hostname)
if (self->ctx->check_hostname) {
X509_VERIFY_PARAM *param = SSL_get0_param(self->ssl);
if (ip == NULL) {
- if (!X509_VERIFY_PARAM_set1_host(param, server_hostname, 0)) {
+ if (!X509_VERIFY_PARAM_set1_host(param, server_hostname,
+ strlen(server_hostname))) {
_setSSLError(NULL, 0, __FILE__, __LINE__);
goto error;
}
@@ -4025,7 +4026,7 @@ _ssl__SSLContext__wrap_socket_impl(PySSLContext *self, PyObject *sock,
PyObject *res;
/* server_hostname is either None (or absent), or to be encoded
- as IDN A-label (ASCII str). */
+ as IDN A-label (ASCII str) without NULL bytes. */
if (hostname_obj != Py_None) {
if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
return NULL;
@@ -4063,7 +4064,7 @@ _ssl__SSLContext__wrap_bio_impl(PySSLContext *self, PySSLMemoryBIO *incoming,
PyObject *res;
/* server_hostname is either None (or absent), or to be encoded
- as IDN A-label (ASCII str). */
+ as IDN A-label (ASCII str) without NULL bytes. */
if (hostname_obj != Py_None) {
if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
return NULL;