python: fix CVE-2019-5010

Christian Buschau 2019-01-29 05:32:47 +01:00 committed by Enno Boland
parent 59f795d5c8
commit 7abeb8f0bc
2 changed files with 34 additions and 1 deletions


@ -0,0 +1,33 @@
commit 06b15424b0dcacb1c551b2a36e739fffa8d0c595
Author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Date: Tue Jan 15 15:11:52 2019 -0800
bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue35746
(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
Co-authored-by: Christian Heimes <christian@python.org>
diff --git Modules/_ssl.c Modules/_ssl.c
index a96c419260..19bb1207b4 100644
--- Modules/_ssl.c
+++ Modules/_ssl.c
@@ -1223,6 +1223,10 @@ _get_crl_dp(X509 *certificate) {
STACK_OF(GENERAL_NAME) *gns;
dp = sk_DIST_POINT_value(dps, i);
+ if (dp->distpoint == NULL) {
+ /* Ignore empty DP value, CVE-2019-5010 */
+ continue;
+ }
gns = dp->distpoint->name.fullname;
for (j=0; j < sk_GENERAL_NAME_num(gns); j++) {
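
Review bot: The new guard before `gns = dp->distpoint->name.fullname;` only covers a NULL `dp->distpoint`, while the commit message also names an empty URI, and nothing in this hunk checks `gns` before the `for` loop on the last line. That loop is skipped for a NULL stack only because `sk_GENERAL_NAME_num()` returns -1 in that case, so either add an explicit `if (gns == NULL) continue;` after the assignment or extend the comment to say the loop depends on that behaviour.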


@ -4,7 +4,7 @@
#
pkgname=python
version=2.7.15
revision=4
revision=5
wrksrc="Python-${version}"
hostmakedepends="pkg-config"
makedepends="libffi-devel readline-devel gdbm-devel libressl-devel expat-devel