File CVE-2019-5010-null-defer-x509-cert-DOS.patch of Package python

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2019-5010-null-defer-x509-cert-DOS.patch of Package python (Revision 7c7532457b948cc36e86ff51d95885bc)

Currently displaying revision 7c7532457b948cc36e86ff51d95885bc , Show latest

From 280917872027ee991416d2623fc16ff1eed48f50 Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@python.org>
Date: Tue, 15 Jan 2019 23:47:42 +0100
Subject: [PATCH] bpo-35746: Fix segfault in ssl's cert parser (GH-11569)

Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue35746
(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)

Co-authored-by: Christian Heimes <christian@python.org>
---
 Lib/test/talos-2019-0758.pem                  | 22 +++++++++++++++++++
 Lib/test/test_ssl.py                          | 22 +++++++++++++++++++
 .../2019-01-15-18-16-05.bpo-35746.nMSd0j.rst  |  3 +++
 Modules/_ssl.c                                |  4 ++++
 4 files changed, 51 insertions(+)
 create mode 100644 Lib/test/talos-2019-0758.pem
 create mode 100644 Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst

--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -287,6 +287,27 @@ class BasicSocketTests(unittest.TestCase
             }
         )
 
+    def test_parse_cert_CVE_2019_5010(self):
+        p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP)
+        if support.verbose:
+            sys.stdout.write("\n" + pprint.pformat(p) + "\n")
+        self.assertEqual(
+            p,
+            {
+                'issuer': (
+                    (('countryName', 'UK'),), (('commonName', 'cody-ca'),)),
+                'notAfter': 'Jun 14 18:00:58 2028 GMT',
+                'notBefore': 'Jun 18 18:00:58 2018 GMT',
+                'serialNumber': '02',
+                'subject': ((('countryName', 'UK'),),
+                            (('commonName',
+                              'codenomicon-vm-2.test.lal.cisco.com'),)),
+                'subjectAltName': (
+                    ('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),),
+                'version': 3
+            }
+        )
+
     def test_parse_cert_CVE_2013_4238(self):
         p = ssl._ssl._test_decode_cert(NULLBYTECERT)
         if support.verbose:
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
@@ -0,0 +1,3 @@
+[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
+not handle CRL distribution points with empty DP or URI correctly. A
+malicious or buggy certificate can result into segfault.

 
From 280917872027ee991416d2623fc16ff1eed48f50 Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@python.org>
Date: Tue, 15 Jan 2019 23:47:42 +0100
Subject: [PATCH] bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
​
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.
​
Signed-off-by: Christian Heimes <christian@python.org>
​
https://bugs.python.org/issue35746
(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
​
Co-authored-by: Christian Heimes <christian@python.org>
---
 Lib/test/talos-2019-0758.pem                  | 22 +++++++++++++++++++
 Lib/test/test_ssl.py                          | 22 +++++++++++++++++++
 .../2019-01-15-18-16-05.bpo-35746.nMSd0j.rst  |  3 +++
 Modules/_ssl.c                                |  4 ++++
 4 files changed, 51 insertions(+)
 create mode 100644 Lib/test/talos-2019-0758.pem
 create mode 100644 Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
​
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -287,6 +287,27 @@ class BasicSocketTests(unittest.TestCase
             }
         )
 
+    def test_parse_cert_CVE_2019_5010(self):
+        p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP)
+        if support.verbose:
+            sys.stdout.write("\n" + pprint.pformat(p) + "\n")
+        self.assertEqual(
+            p,
+            {
+                'issuer': (
+                    (('countryName', 'UK'),), (('commonName', 'cody-ca'),)),
+                'notAfter': 'Jun 14 18:00:58 2028 GMT',
+                'notBefore': 'Jun 18 18:00:58 2018 GMT',
+                'serialNumber': '02',
+                'subject': ((('countryName', 'UK'),),
+                            (('commonName',
+                              'codenomicon-vm-2.test.lal.cisco.com'),)),
+                'subjectAltName': (
+                    ('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),),
+                'version': 3
+            }
+        )
+
     def test_parse_cert_CVE_2013_4238(self):
         p = ssl._ssl._test_decode_cert(NULLBYTECERT)
         if support.verbose:
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
@@ -0,0 +1,3 @@
+[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
+not handle CRL distribution points with empty DP or URI correctly. A
+malicious or buggy certificate can result into segfault.
​

Places

File CVE-2019-5010-null-defer-x509-cert-DOS.patch of Package python (Revision 7c7532457b948cc36e86ff51d95885bc)

Places