bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue35746
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 4e3352d..0e720e2 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1515,6 +1515,10 @@
STACK_OF(GENERAL_NAME) *gns;
dp = sk_DIST_POINT_value(dps, i);
+ if (dp->distpoint == NULL) {
+ /* Ignore empty DP value, CVE-2019-5010 */
+ continue;
+ }
gns = dp->distpoint->name.fullname;
for (j=0; j < sk_GENERAL_NAME_num(gns); j++) {