]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c6d94c3) | patch
[3.7] bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229) (GH-6230)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Sun, 25 Mar 2018 11:28:20 +0000 (04:28 -0700)
committerChristian Heimes <christian@python.org>
Sun, 25 Mar 2018 11:28:20 +0000 (13:28 +0200)
commit2dd885eaa0d427e84892673c83d697bca5427c8b
tree94b922fbc13526a685da0a443e69b9a00c249a1etree | snapshot
parentc6d94c37f4fd863c73fbfbcc918fd23b458b5301commit | diff
[3.7] bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229) (GH-6230)

Harden ssl module against LibreSSL CVE-2018-8970.
X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test
ensures that NULL bytes are not allowed.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit d02ac25ab0879f1a6de6937573bf00a16b7bd22e)

Co-authored-by: Christian Heimes <christian@python.org>
Lib/test/test_ssl.py diff | blob | history
Misc/NEWS.d/next/Security/2018-03-25-12-05-43.bpo-33136.TzSN4x.rst [new file with mode: 0644] blob
Modules/_ssl.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.