[3.5] bpo-35746: Fix segfault in ssl's cert parser (GH-11569) #11867
Conversation
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result in a segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit a37f524)
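The two malformed shapes the commit message describes (a DistributionPoint with no distributionPoint field, and a GeneralName whose URI is empty) are the cases a parser has to tolerate. The following is an added example, not CPython's `_ssl.c` code: a minimal pure-Python DER walker over a constructed crlDistributionPoints extension value (RFC 5280 section 4.2.1.13). The sample bytes are constructed here; dropping empty URIs instead of returning them is this example's own choice.

```python
def _tlv(tag, content):
    """Encode one DER TLV (short-form length; every constructed input is < 128 bytes)."""
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

def _read_tlv(buf, pos):
    """Decode the TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def _dp_with_uri(uri):
    # DistributionPoint ::= SEQUENCE { distributionPoint [0] EXPLICIT DistributionPointName }
    # DistributionPointName fullName is [0] GeneralNames; uniformResourceIdentifier is [6] IA5String
    return _tlv(0x30, _tlv(0xA0, _tlv(0xA0, _tlv(0x86, uri))))

# Constructed sample extension value: a normal DP, an empty DP (bare "SEQUENCE {}"),
# a DP whose URI is the empty string, then a second normal DP.
SAMPLE_CRL_DP_EXTENSION = _tlv(0x30, _dp_with_uri(b"http://crl.example.test/a.crl")
    + _tlv(0x30, b"") + _dp_with_uri(b"") + _dp_with_uri(b"http://crl.example.test/b.crl"))

def crl_distribution_uris(ext_der):
    """Return the URI-form CRL distribution points, skipping DPs that carry none."""
    tag, dps, _ = _read_tlv(ext_der, 0)
    if tag != 0x30:
        raise ValueError("crlDistributionPoints must be a SEQUENCE")
    uris, pos = [], 0
    while pos < len(dps):
        tag, dp, pos = _read_tlv(dps, pos)
        if tag != 0x30:
            raise ValueError("DistributionPoint must be a SEQUENCE")
        if not dp:  # empty DP: there is nothing to dereference, so skip it instead of crashing
            continue
        tag, dpname, _ = _read_tlv(dp, 0)
        if tag != 0xA0:  # only reasons/cRLIssuer present, no distributionPoint field
            continue
        tag, names, _ = _read_tlv(dpname, 0)
        if tag != 0xA0:  # nameRelativeToCRLIssuer, not a fullName GeneralNames list
            continue
        npos = 0
        while npos < len(names):
            tag, value, npos = _read_tlv(names, npos)
            if tag == 0x86 and value:  # [6] uniformResourceIdentifier, non-empty only
                uris.append(value.decode("ascii"))
    return uris
```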
I tested manually on my Fedora 29, the test passes:
(Other tests fail because Python 3.5 isn't fully compatible with OpenSSL 1.1.1 used by Fedora 29.)
This failed the Travis CI test after updating the branch. Specifically, two tests using ftp failed with a security exception ("bad IP"); I'll paste in an example below. I'm guessing the code is fine, and this is a temporary / race condition or CI configuration error. Regardless, I don't know how to initiate running a new test. Victor, do you know how to make progress on this? In the meantime I'll see if I can get one of your other PRs in. -- Traceback (most recent call last):
The failure is unrelated to this PR. Travis CI changed their security a few months ago: https://bugs.python.org/issue35411
So what should I do? I wanna mash that big attractive "Squash and merge" button but it won't let me! It's gray and I want it to be green!
nm, I found your "skip FTP tests on Travis CI" PR. I'll merge that when I can and then the rest of the dominos will tumble and fall!
@larryhastings: Please replace
Thanks for the backport! 3.5 is now poised to take over the world.
https://bugs.python.org/issue35746