]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 79690ac) | patch
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
authorGeorg Brandl <georg@python.org>
Tue, 30 Sep 2014 12:04:51 +0000 (14:04 +0200)
committerGeorg Brandl <georg@python.org>
Tue, 30 Sep 2014 12:04:51 +0000 (14:04 +0200)
commitec3c103520a5061e657581b388e2b8ba6f74602a
treec772344d220e21c83b181972a0e22e9caf8180batree | snapshot
parent79690ac1d0b25c048768e9d3870b475e235f9e7acommit | diff
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
``uniformResourceIdentifier`` (URI).
Lib/test/nullbytecert.pem [new file with mode: 0644] blob
Lib/test/test_ssl.py diff | blob | history
Misc/NEWS diff | blob | history
Modules/_ssl.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.