]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7cb9204) | patch
bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499)
authorChristian Heimes <christian@python.org>
Tue, 2 Jul 2019 18:39:42 +0000 (20:39 +0200)
committerMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Tue, 2 Jul 2019 18:39:42 +0000 (11:39 -0700)
commit477b1b25768945621d466a8b3f0739297a842439
treeb6e320b2a8bfad573e567855ba107fb172d4627atree | snapshot
parent7cb9204ee1cf204f6f507d99a60f7c5bb359eebbcommit | diff
bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499)

ssl.match_hostname() no longer accepts IPv4 addresses with additional text
after the address and only quad-dotted notation without trailing
whitespaces. Some inet_aton() implementations ignore whitespace and all data
after whitespace, e.g. '127.0.0.1 whatever'.

Short notations like '127.1' for '127.0.0.1' were already filtered out.

The bug was initially found by Dominik Czarnota and reported by Paul Kehrer.

Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue37463
Lib/ssl.py diff | blob | history
Lib/test/test_ssl.py diff | blob | history
Misc/NEWS.d/next/Security/2019-07-01-08-46-14.bpo-37463.1CHwjE.rst [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.