[3.7] bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229) (GH-6230) Harden ssl module against LibreSSL CVE-2018-8970. X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test ensures that NULL bytes are not allowed. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit d02ac25ab0879f1a6de6937573bf00a16b7bd22e) Co-authored-by: Christian Heimes <christian@python.org>

commit: 2dd885eaa0d427e84892673c83d697bca5427c8b [log] [tgz]
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Sun Mar 25 04:28:20 2018 -0700
committer: Christian Heimes <christian@python.org> Sun Mar 25 13:28:20 2018 +0200
tree: 94b922fbc13526a685da0a443e69b9a00c249a1e
parent: c6d94c37f4fd863c73fbfbcc918fd23b458b5301 [diff] [blame]
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 8d98b80..36580d5 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py

@@ -1660,6 +1660,9 @@
         with self.assertRaises(ValueError):
             ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
                          server_hostname=".example.org")
+        with self.assertRaises(TypeError):
+            ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
+                         server_hostname="example.org\x00evil.com")
 
 
 class MemoryBIOTests(unittest.TestCase):
commit	2dd885eaa0d427e84892673c83d697bca5427c8b	[log] [tgz]
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	Sun Mar 25 04:28:20 2018 -0700
committer	Christian Heimes <christian@python.org>	Sun Mar 25 13:28:20 2018 +0200
tree	94b922fbc13526a685da0a443e69b9a00c249a1e
parent	c6d94c37f4fd863c73fbfbcc918fd23b458b5301 [diff] [blame]