forked from pool/python38
Matej Cepl
9921186373
- Security
- gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
(CVE-2023-52425) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
- gh-115399: Update bundled libexpat to 2.6.0
- gh-113659: Skip .pth files with names starting with a dot
or hidden file attribute.
- Core and Builtins
- gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
codecs read out of bounds
- Library
- gh-115197: urllib.request no longer resolves the hostname
before checking it against the system’s proxy bypass list
on macOS and Windows.
- gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
- gh-81194: Fix a crash in socket.if_indextoname() with
specific value (UINT_MAX). Fix an integer overflow in
socket.if_indextoname() on 64-bit non-Windows platforms.
- gh-109858: Protect zipfile from “quoted-overlap”
zipbomb. It now raises BadZipFile when try to read an entry
that overlaps with other entry or central directory.
- gh-107077: Seems that in some conditions, OpenSSL will
return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL
when a certification verification has failed, but
the error parameters will still contain ERR_LIB_SSL
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=149
58 lines
2.2 KiB
Diff
58 lines
2.2 KiB
Diff
From a37f52436f9aa4b9292878b72f3ff1480e2606c3 Mon Sep 17 00:00:00 2001
|
|
From: Christian Heimes <christian@python.org>
|
|
Date: Tue, 15 Jan 2019 23:47:42 +0100
|
|
Subject: [PATCH] bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
|
|
|
|
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
|
|
distribution points with empty DP or URI correctly. A malicious or buggy
|
|
certificate can result into segfault.
|
|
|
|
Signed-off-by: Christian Heimes <christian@python.org>
|
|
|
|
|
|
|
|
https://bugs.python.org/issue35746
|
|
---
|
|
Lib/test/test_ssl.py | 21 ++++++++++
|
|
Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst | 3 +
|
|
2 files changed, 24 insertions(+)
|
|
create mode 100644 Lib/test/talos-2019-0758.pem
|
|
create mode 100644 Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
|
|
|
|
--- a/Lib/test/test_ssl.py
|
|
+++ b/Lib/test/test_ssl.py
|
|
@@ -507,6 +507,27 @@ class BasicSocketTests(unittest.TestCase
|
|
}
|
|
)
|
|
|
|
+ def test_parse_cert_CVE_2019_5010(self):
|
|
+ p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP)
|
|
+ if support.verbose:
|
|
+ sys.stdout.write("\n" + pprint.pformat(p) + "\n")
|
|
+ self.assertEqual(
|
|
+ p,
|
|
+ {
|
|
+ 'issuer': (
|
|
+ (('countryName', 'UK'),), (('commonName', 'cody-ca'),)),
|
|
+ 'notAfter': 'Jun 14 18:00:58 2028 GMT',
|
|
+ 'notBefore': 'Jun 18 18:00:58 2018 GMT',
|
|
+ 'serialNumber': '02',
|
|
+ 'subject': ((('countryName', 'UK'),),
|
|
+ (('commonName',
|
|
+ 'codenomicon-vm-2.test.lal.cisco.com'),)),
|
|
+ 'subjectAltName': (
|
|
+ ('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),),
|
|
+ 'version': 3
|
|
+ }
|
|
+ )
|
|
+
|
|
def test_parse_cert_CVE_2013_4238(self):
|
|
p = ssl._ssl._test_decode_cert(NULLBYTECERT)
|
|
if support.verbose:
|
|
--- /dev/null
|
|
+++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
|
|
@@ -0,0 +1,3 @@
|
|
+[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
|
|
+not handle CRL distribution points with empty DP or URI correctly. A
|
|
+malicious or buggy certificate can result into segfault.
|