]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 632cb36) | patch
bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Tue, 2 Jul 2019 21:06:18 +0000 (14:06 -0700)
committerGitHub <noreply@github.com>
Tue, 2 Jul 2019 21:06:18 +0000 (14:06 -0700)
commit3cba3d3c55f230a59174a0dfcafb1d4685269e60
tree8bda4958e960cb3d18e87a8d41e83e2a02b29401tree | snapshot
parent632cb36084dc9d13f1cdb31a0e7e3ba80745a51acommit | diff
bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499)

ssl.match_hostname() no longer accepts IPv4 addresses with additional text
after the address and only quad-dotted notation without trailing
whitespaces. Some inet_aton() implementations ignore whitespace and all data
after whitespace, e.g. '127.0.0.1 whatever'.

Short notations like '127.1' for '127.0.0.1' were already filtered out.

The bug was initially found by Dominik Czarnota and reported by Paul Kehrer.

Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue37463
(cherry picked from commit 477b1b25768945621d466a8b3f0739297a842439)

Co-authored-by: Christian Heimes <christian@python.org>
Lib/ssl.py diff | blob | history
Lib/test/test_ssl.py diff | blob | history
Misc/NEWS.d/next/Security/2019-07-01-08-46-14.bpo-37463.1CHwjE.rst [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.