granicus.if.org Git - python/commit
bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11867)
author Victor Stinner <vstinner@redhat.com>
Tue, 26 Feb 2019 00:17:02 +0000 (01:17 +0100)
committer larryhastings <larry@hastings.org>
Tue, 26 Feb 2019 00:17:02 +0000 (16:17 -0800)
commit efec7631edf3b9480dc3988c97ffef94df8800da
tree 8d1520faffca8f0cce45f31fab2d8eca60ab5843
parent 8bcbc7896d1fe1c289bae339d408fdf1472a00fa
bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11867)

Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result in a segfault.

Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas
Edet of Cisco.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
Lib/test/talos-2019-0758.pem [new file with mode: 0644]
Lib/test/test_ssl.py
Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst [new file with mode: 0644]
Modules/_ssl.c
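The structure the fix is about, as an added example that is not part of this commit or of CPython's `_ssl.c`: a minimal pure-Python DER walker over the X.509 CRLDistributionPoints extension value (SEQUENCE OF DistributionPoint, each with an OPTIONAL `[0]` distributionPoint whose `[0]` fullName is a GeneralNames list, URIs being `[6]` IA5String). It shows the two degenerate inputs the commit message names, a DistributionPoint with no distributionPoint field at all and one whose name carries no usable URI, and skips them instead of dereferencing a missing field. The function names and every DER byte string below are constructed for this example; none come from the Talos test certificate.

```python
"""Walk a CRLDistributionPoints extension value and collect fullName URIs.

Added illustration of the check the commit describes; not CPython code.
All DER here is built by hand for the example, not taken from a real cert.
"""


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, buf[pos:end], end


def _iter_tlvs(buf):
    """Yield (tag, value) for each element of a constructed DER body."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = _read_tlv(buf, pos)
        yield tag, value


def crl_dp_uris(ext_value):
    """Return the list of fullName URIs in a CRLDistributionPoints value.

    A DistributionPoint with no distributionPoint field (empty DP), one that
    uses nameRelativeToCRLIssuer, or one whose GeneralNames hold no non-empty
    URI contributes nothing; the parser never assumes the field is present.
    """
    tag, dps, _ = _read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("CRLDistributionPoints must be a SEQUENCE")
    uris = []
    for dp_tag, dp_body in _iter_tlvs(dps):
        if dp_tag != 0x30:
            raise ValueError("DistributionPoint must be a SEQUENCE")
        # distributionPoint is OPTIONAL: an empty SEQUENCE, or one carrying only
        # [1] reasons / [2] cRLIssuer, has no name to walk. This is the empty-DP
        # case: skip it instead of dereferencing a field that is not there.
        dp_name = None
        for field_tag, field_body in _iter_tlvs(dp_body):
            if field_tag == 0xA0:           # [0] distributionPoint (constructed)
                dp_name = field_body
                break
        if dp_name is None:
            continue
        # DistributionPointName is a CHOICE; only [0] fullName is GeneralNames.
        name_tag, general_names, _ = _read_tlv(dp_name, 0)
        if name_tag != 0xA0:
            continue
        # uniformResourceIdentifier is [6] IMPLICIT IA5String, tag 0x86.
        # Other GeneralName kinds (e.g. [2] dNSName) and empty URIs are ignored.
        for gn_tag, gn_body in _iter_tlvs(general_names):
            if gn_tag == 0x86 and gn_body:
                uris.append(gn_body.decode("ascii"))
    return uris


def _der(tag, body):
    """Encode one DER TLV (short or long-form length) for the samples below."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _uri(text):
    return _der(0x86, text.encode("ascii"))


def _dp_with_full_name(*general_names):
    return _der(0x30, _der(0xA0, _der(0xA0, b"".join(general_names))))


# Constructed samples (hypothetical, not from any real certificate):
NORMAL_DP = _dp_with_full_name(_uri("http://crl.example.test/ca.crl"))
EMPTY_DP = _der(0x30, b"")                                   # no distributionPoint
REASONS_ONLY_DP = _der(0x30, _der(0x81, b"\x05\x80"))        # [1] reasons only
NO_URI_DP = _dp_with_full_name(_der(0x82, b"example.test"))  # [2] dNSName only
EMPTY_URI_DP = _dp_with_full_name(_uri(""))                  # zero-length URI
MIXED_EXTENSION = _der(
    0x30, EMPTY_DP + NORMAL_DP + REASONS_ONLY_DP + NO_URI_DP + EMPTY_URI_DP)

if __name__ == "__main__":
    print(crl_dp_uris(MIXED_EXTENSION))   # only the well-formed URI survives
```

The point of the example is the `dp_name is None` and `name_tag != 0xA0` branches: in a C implementation walking the same structure, the corresponding pointer is NULL for an empty DP and must be tested before `name.fullname` is read, which is the check the commit message says the parser lacked.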