60 lines
2.3 KiB
Diff
60 lines
2.3 KiB
Diff
|
From a37f52436f9aa4b9292878b72f3ff1480e2606c3 Mon Sep 17 00:00:00 2001
|
||
|
From: Christian Heimes <christian@python.org>
|
||
|
Date: Tue, 15 Jan 2019 23:47:42 +0100
|
||
|
Subject: [PATCH] bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
|
||
|
|
||
|
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
|
||
|
distribution points with empty DP or URI correctly. A malicious or buggy
|
||
|
certificate can result into segfault.
|
||
|
|
||
|
Signed-off-by: Christian Heimes <christian@python.org>
|
||
|
|
||
|
|
||
|
|
||
|
https://bugs.python.org/issue35746
|
||
|
---
|
||
|
Lib/test/talos-2019-0758.pem | 22 +++++++++++++++++++
|
||
|
Lib/test/test_ssl.py | 22 +++++++++++++++++++
|
||
|
.../2019-01-15-18-16-05.bpo-35746.nMSd0j.rst | 3 +++
|
||
|
Modules/_ssl.c | 4 ++++
|
||
|
4 files changed, 51 insertions(+)
|
||
|
create mode 100644 Lib/test/talos-2019-0758.pem
|
||
|
create mode 100644 Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
|
||
|
|
||
|
--- a/Lib/test/test_ssl.py
|
||
|
+++ b/Lib/test/test_ssl.py
|
||
|
@@ -467,6 +467,27 @@ class BasicSocketTests(unittest.TestCase
|
||
|
}
|
||
|
)
|
||
|
|
||
|
+ def test_parse_cert_CVE_2019_5010(self):
|
||
|
+ p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP)
|
||
|
+ if support.verbose:
|
||
|
+ sys.stdout.write("\n" + pprint.pformat(p) + "\n")
|
||
|
+ self.assertEqual(
|
||
|
+ p,
|
||
|
+ {
|
||
|
+ 'issuer': (
|
||
|
+ (('countryName', 'UK'),), (('commonName', 'cody-ca'),)),
|
||
|
+ 'notAfter': 'Jun 14 18:00:58 2028 GMT',
|
||
|
+ 'notBefore': 'Jun 18 18:00:58 2018 GMT',
|
||
|
+ 'serialNumber': '02',
|
||
|
+ 'subject': ((('countryName', 'UK'),),
|
||
|
+ (('commonName',
|
||
|
+ 'codenomicon-vm-2.test.lal.cisco.com'),)),
|
||
|
+ 'subjectAltName': (
|
||
|
+ ('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),),
|
||
|
+ 'version': 3
|
||
|
+ }
|
||
|
+ )
|
||
|
+
|
||
|
def test_parse_cert_CVE_2013_4238(self):
|
||
|
p = ssl._ssl._test_decode_cert(NULLBYTECERT)
|
||
|
if support.verbose:
|
||
|
--- /dev/null
|
||
|
+++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
|
||
|
@@ -0,0 +1,3 @@
|
||
|
+[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
|
||
|
+not handle CRL distribution points with empty DP or URI correctly. A
|
||
|
+malicious or buggy certificate can result into segfault.
|