519fc0a478
- Bump PORTREVISION for package change
Obtained from: 216a4d83c3
Reference: https://bugs.python.org/issue35746
Security: d74371d2-4fee-11e9-a5cd-1df8a848de3d
MFH: 2019Q1
22 lines
766 B
Plaintext
22 lines
766 B
Plaintext
Obtained from: https://github.com/python/cpython/commit/216a4d83c3b72f4fdcd81b588dc3f42cc461739a
|
|
|
|
bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (GH-11573)
|
|
|
|
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
|
|
distribution points with empty DP or URI correctly. A malicious or buggy
|
|
certificate can result into segfault.
|
|
|
|
--- Modules/_ssl.c.orig
|
|
+++ Modules/_ssl.c
|
|
@@ -1338,6 +1338,10 @@ _get_crl_dp(X509 *certificate) {
|
|
STACK_OF(GENERAL_NAME) *gns;
|
|
|
|
dp = sk_DIST_POINT_value(dps, i);
|
|
+ if (dp->distpoint == NULL) {
|
|
+ /* Ignore empty DP value, CVE-2019-5010 */
|
|
+ continue;
|
|
+ }
|
|
gns = dp->distpoint->name.fullname;
|
|
|
|
for (j=0; j < sk_GENERAL_NAME_num(gns); j++) {
|