granicus.if.org Git - python/commit
bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499)
author: Christian Heimes <christian@python.org>
Tue, 2 Jul 2019 18:39:42 +0000 (20:39 +0200)
committer: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Tue, 2 Jul 2019 18:39:42 +0000 (11:39 -0700)
commit: 477b1b25768945621d466a8b3f0739297a842439
tree: b6e320b2a8bfad573e567855ba107fb172d4627a
parent: 7cb9204ee1cf204f6f507d99a60f7c5bb359eebb
ssl.match_hostname() no longer accepts IPv4 addresses with additional text
after the address and accepts only quad-dotted notation without trailing
whitespace. Some inet_aton() implementations ignore whitespace and all data
after whitespace, e.g. '127.0.0.1 whatever'.

Short notations like '127.1' for '127.0.0.1' were already filtered out.

The bug was initially found by Dominik Czarnota and reported by Paul Kehrer.

Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue37463
Lib/ssl.py
Lib/test/test_ssl.py
Misc/NEWS.d/next/Security/2019-07-01-08-46-14.bpo-37463.1CHwjE.rst [new file with mode: 0644]
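
The check described in the commit message, as an added example that is not taken from this commit or from CPython: a round-trip test that accepts an IPv4 string only when it is already in canonical quad-dotted form. The names strict_ipv4, lenient_ipv4, compare and SAMPLES are hypothetical, and the sample strings are constructed.

```python
import socket


def lenient_ipv4(text):
    """Parse with inet_aton() alone. Depending on the platform's libc this
    may accept short forms and ignore data after whitespace."""
    try:
        return socket.inet_aton(text)
    except (OSError, ValueError):
        return None


def strict_ipv4(text):
    """Return the packed 4-byte address only for canonical quad-dotted
    IPv4 text; return None for everything else."""
    try:
        packed = socket.inet_aton(text)
    except (OSError, ValueError):
        # Not parseable at all (or contains an embedded NUL / non-ASCII).
        return None
    # Round trip: inet_ntoa() always emits canonical "a.b.c.d". Any input
    # that was shortened, octal/hex, or had trailing data will differ.
    if socket.inet_ntoa(packed) != text:
        return None
    return packed


# Constructed inputs covering the cases named in the commit message.
SAMPLES = [
    "127.0.0.1",           # canonical quad-dotted
    "127.0.0.1 whatever",  # additional text after the address
    "127.0.0.1 ",          # trailing whitespace
    "127.1",               # short notation
    "0x7f.0.0.1",          # non-decimal octet
]


def compare(samples):
    """Return (input, lenient_accepts, strict_accepts) for each sample."""
    return [(s, lenient_ipv4(s) is not None, strict_ipv4(s) is not None)
            for s in samples]


if __name__ == "__main__":
    for text, lenient, strict in compare(SAMPLES):
        print(f"{text!r:24} inet_aton only: {lenient!s:5}  round trip: {strict}")
```

The "inet_aton only" column varies by platform, which is the portability problem the commit message describes; the round-trip column does not.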