churchyard / rpms / python3

Forked from rpms/python3 6 years ago
Clone
Source Code
GIT

Blame 00183-cve-2013-2099-fix-ssl-match_hostname-dos.patch

00339 3.7.1 3.7.3 3.7.3rc1 3.7.4 3.7.4rc1 3.7.4rc2 3.8.0 3.8.0rc1 3.8.1 3.8.1rc1 3.8.2 3.8.2rc1 3.8.3 3.8.3rc1 370 372 CVE-2019-5010 CVE-2019-9636 EXTRA_CFLAGS b4 bootnotes bz1515357 bz1547131 bz1644936 cleanup cve debugflags devel-setuptools extension_cflags f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f25-cve-2017-1000158 f26 f27 f27-366 f28-368 f28-CVE-2019-9636 f28-security-sync f28-test_support f29-3.7.3 f29-3.7.5 f29-CVE-2019-9636 f29-sync f30-00339 f30-3.7.5 f30-3.7.6 f30-pathfix f31-00339 f31-3.7.5 f31-3.7.6 f31-auto-churchyard-archnames f31-sync f32-3.8.5 f32-3.8.7 f32-3.8.8 f32-CVE-2021-3177 f32-auto-churchyard-archnames f32-no_arm_check f32-sqlitetest f32-sync flatpak_prefix gdbm_fix gettextbin library-not-linked-against-libc license markdownstream-only master mycleanup nightly no-findleaks no_anaconda noexe noskip openssl_config_workaround optimize_all_arches patch302 patch307 pathfix pathfix_gdbhooks pathfix_nobackup platform_python_srpm private-torsava-master provision py37 py_byte_compile python3.3 python3.4 python_provide pythoninfo rebase38 recommend-tkinter recommends redhat-rpm-config retire_platpy review_stuff rpm_deps rpm_wheels rpmlint rpmlintrc semantic_all setuptools45 skip_test_bdist_wininst skip_test_multiprocessing_fork source_date_epoch_from_changelog_0 source_epoch sudo_pip_install_prefix system-python-removal test_ci_selftest test_email-mktime test_support the_big_switch tls13 toolsmove valgrind_arches verify_sources
  1.   8032bb001b099d398197c5530ef1a01af04fb1fe
  2.   00183-cve-2013-2099-fix-ssl-match_hostname-dos.patch
Blob History Raw
22e1cc9 
# HG changeset patch
22e1cc9 
# User Antoine Pitrou <solipsis@pitrou.net>
22e1cc9 
# Date 1368892602 -7200
22e1cc9 
# Node ID c627638753e2d25a98950585b259104a025937a9
22e1cc9 
# Parent  9682241dc8fcb4b1aef083bd30860efa070c3d6d
22e1cc9 
Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
22e1cc9
22e1cc9 
diff --git a/Lib/ssl.py b/Lib/ssl.py
22e1cc9 
--- a/Lib/ssl.py
22e1cc9 
+++ b/Lib/ssl.py
22e1cc9 
@@ -129,9 +129,16 @@ class CertificateError(ValueError):
22e1cc9 
     pass
22e1cc9
22e1cc9
22e1cc9 
-def _dnsname_to_pat(dn):
22e1cc9 
+def _dnsname_to_pat(dn, max_wildcards=1):
22e1cc9 
     pats = []
22e1cc9 
     for frag in dn.split(r'.'):
22e1cc9 
+        if frag.count('*') > max_wildcards:
22e1cc9 
+            # Issue #17980: avoid denials of service by refusing more
22e1cc9 
+            # than one wildcard per fragment.  A survery of established
22e1cc9 
+            # policy among SSL implementations showed it to be a
22e1cc9 
+            # reasonable choice.
22e1cc9 
+            raise CertificateError(
22e1cc9 
+                "too many wildcards in certificate DNS name: " + repr(dn))
22e1cc9 
         if frag == '*':
22e1cc9 
             # When '*' is a fragment by itself, it matches a non-empty dotless
22e1cc9 
             # fragment.
22e1cc9 
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
22e1cc9 
--- a/Lib/test/test_ssl.py
22e1cc9 
+++ b/Lib/test/test_ssl.py
22e1cc9 
@@ -349,6 +349,17 @@ class BasicSocketTests(unittest.TestCase
22e1cc9 
         self.assertRaises(ValueError, ssl.match_hostname, None, 'example.com')
22e1cc9 
         self.assertRaises(ValueError, ssl.match_hostname, {}, 'example.com')
22e1cc9
22e1cc9 
+        # Issue #17980: avoid denials of service by refusing more than one
22e1cc9 
+        # wildcard per fragment.
22e1cc9 
+        cert = {'subject': ((('commonName', 'a*b.com'),),)}
22e1cc9 
+        ok(cert, 'axxb.com')
22e1cc9 
+        cert = {'subject': ((('commonName', 'a*b.co*'),),)}
22e1cc9 
+        ok(cert, 'axxb.com')
22e1cc9 
+        cert = {'subject': ((('commonName', 'a*b*.com'),),)}
22e1cc9 
+        with self.assertRaises(ssl.CertificateError) as cm:
22e1cc9 
+            ssl.match_hostname(cert, 'axxbxxc.com')
22e1cc9 
+        self.assertIn("too many wildcards", str(cm.exception))
22e1cc9 
+
22e1cc9 
     def test_server_side(self):
22e1cc9 
         # server_hostname doesn't work for server sockets
22e1cc9 
         ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.