New submission from Christian Heimes:

Fraser Tweedale from Red Hat's identity management team found an issue in PyCA 
cryptography's handling of buffers for OpenSSL OBJ_obj2txt(). Cryptography 
fails to handle long OIDs as used by Active Directory.

https://github.com/pyca/cryptography/pull/3612/
https://bugzilla.redhat.com/show_bug.cgi?id=1455755

CPython's ssl module doesn't handle buffer allocation for OBJ_obj2txt() 
correctly either. A default buffer size of 255+1 makes the bug less likely to 
occur, though. We should fix the problem anyway.

----------
assignee: christian.heimes
components: SSL
messages: 294679
nosy: christian.heimes
priority: critical
severity: normal
status: open
title: Fix buffer handling of OBJ_obj2txt
type: behavior
versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue30502>
_______________________________________
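Added example, not code from CPython, PyCA cryptography or OpenSSL: the two-pass buffer pattern a caller of OBJ_obj2txt() needs when an OID's text can exceed a fixed 255+1 buffer. It assumes the documented snprintf-style contract (the return value is the full text length even when the output was truncated); oid2txt() is a hypothetical stand-in with that contract so the block runs without OpenSSL, and oid_to_string() is a hypothetical caller.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for OBJ_obj2txt() with the same snprintf-style contract (not
 * OpenSSL code): writes at most buflen-1 chars plus NUL and returns the
 * length the full dotted text needs, or -1 on malformed DER content. */
int oid2txt(char *buf, int buflen, const unsigned char *der, size_t n)
{
    int total = 0, first = 1;
    unsigned long arc = 0;
    for (size_t i = 0; i < n; i++) {
        if (arc >> (sizeof arc * 8 - 7)) return -1;      /* arc would overflow */
        arc = (arc << 7) | (der[i] & 0x7f);              /* next base-128 digit */
        if (der[i] & 0x80) { if (i + 1 == n) return -1; continue; }
        char tmp[48];
        unsigned long a = arc < 80 ? arc / 40 : 2;       /* first byte packs two arcs */
        int len = first ? snprintf(tmp, sizeof tmp, "%lu.%lu", a, arc - a * 40)
                        : snprintf(tmp, sizeof tmp, ".%lu", arc);
        first = 0;
        for (int j = 0; j < len; j++)                    /* copy only what fits */
            if (buf && total + j < buflen - 1) buf[total + j] = tmp[j];
        total += len;
        arc = 0;
    }
    if (buf && buflen > 0) buf[total < buflen - 1 ? total : buflen - 1] = '\0';
    return total;
}

/* Caller: try the fixed 255+1 buffer; when the return value says the text did
 * not fit, allocate len+1 and convert again. The caller frees the result. */
char *oid_to_string(const unsigned char *der, size_t n)
{
    char small[256];
    int len = oid2txt(small, sizeof small, der, n);
    if (len < 0) return NULL;
    char *out = malloc((size_t)len + 1);
    if (out == NULL) return NULL;
    if (len < (int)sizeof small)
        memcpy(out, small, (size_t)len + 1);             /* complete, NUL included */
    else if (oid2txt(out, len + 1, der, n) != len) { free(out); return NULL; }
    return out;
}

int main(void) {
    static const unsigned char oid[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d}; /* constructed */
    char *s = oid_to_string(oid, sizeof oid);
    puts(s ? s : "error"); free(s); return 0;
}
```

The check that matters is `len < (int)sizeof small`: using `len` as the number of valid bytes in `small` without it would read past the end of the stack buffer for a long OID.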