Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / d02ac25ab0879f1a6de6937573bf00a16b7bd22e^! / . / Modules / _ssl.c
commitd02ac25ab0879f1a6de6937573bf00a16b7bd22e[log] [tgz]
authorChristian Heimes <christian@python.org>Sun Mar 25 12:36:13 2018 +0200
committerGitHub <noreply@github.com>Sun Mar 25 12:36:13 2018 +0200
treea0843a85918e73dc71d7279eac60382928c95de7
parente4ce9fa89cb542dced553710b05de85202bc4715 [diff] [blame]
bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229)

Harden ssl module against LibreSSL CVE-2018-8970.
X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test
ensures that NULL bytes are not allowed.

Signed-off-by: Christian Heimes <christian@python.org>
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 30c3403..4baabd5 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c

@@ -852,7 +852,8 @@
     if (self->ctx->check_hostname) {
         X509_VERIFY_PARAM *param = SSL_get0_param(self->ssl);
         if (ip == NULL) {
-            if (!X509_VERIFY_PARAM_set1_host(param, server_hostname, 0)) {
+            if (!X509_VERIFY_PARAM_set1_host(param, server_hostname,
+                                             strlen(server_hostname))) {
                 _setSSLError(NULL, 0, __FILE__, __LINE__);
                 goto error;
             }
@@ -4025,7 +4026,7 @@
     PyObject *res;
 
     /* server_hostname is either None (or absent), or to be encoded
-       as IDN A-label (ASCII str). */
+       as IDN A-label (ASCII str) without NULL bytes. */
     if (hostname_obj != Py_None) {
         if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
             return NULL;
@@ -4063,7 +4064,7 @@
     PyObject *res;
 
     /* server_hostname is either None (or absent), or to be encoded
-       as IDN A-label (ASCII str). */
+       as IDN A-label (ASCII str) without NULL bytes. */
     if (hostname_obj != Py_None) {
         if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
             return NULL;