bpo-35746: Fix segfault in ssl's cert parser (GH-11569) Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue35746 (cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3) Co-authored-by: Christian Heimes <christian@python.org>

commit: be5de958e9052e322b0087c6dba81cdad0c3e031 [log] [tgz]
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Tue Jan 15 15:03:36 2019 -0800
committer: GitHub <noreply@github.com> Tue Jan 15 15:03:36 2019 -0800
tree: 072f968b6e5da6a60340a7df2fac8ff11a4629c1
parent: c9f26714d511a338ba2fdd926e3dc62636f31815 [diff] [blame]
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 9894ad8..9baec8a 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c

@@ -1516,6 +1516,10 @@
         STACK_OF(GENERAL_NAME) *gns;
 
         dp = sk_DIST_POINT_value(dps, i);
+        if (dp->distpoint == NULL) {
+            /* Ignore empty DP value, CVE-2019-5010 */
+            continue;
+        }
         gns = dp->distpoint->name.fullname;
 
         for (j=0; j < sk_GENERAL_NAME_num(gns); j++) {
commit	be5de958e9052e322b0087c6dba81cdad0c3e031	[log] [tgz]
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	Tue Jan 15 15:03:36 2019 -0800
committer	GitHub <noreply@github.com>	Tue Jan 15 15:03:36 2019 -0800
tree	072f968b6e5da6a60340a7df2fac8ff11a4629c1
parent	c9f26714d511a338ba2fdd926e3dc62636f31815 [diff] [blame]