[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-07-02 Thread Ned Deily
Ned Deily added the comment: New changeset 070fae6d0ff49e63bfd5f2bdc66f8eb1df3b6557 by Ned Deily (Christian Heimes) in branch '3.7': bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499) https://github.com/python/cpython/commit/070fae6d0ff49e63bfd5f2bdc66f8eb1df3b6557

[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-07-02 Thread Christian Heimes
Christian Heimes added the comment: Ned, Łukasz, thanks for your patience. -- resolution: -> fixed stage: patch review -> resolved status: open -> closed

[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-07-02 Thread miss-islington
miss-islington added the comment: New changeset 024ea2170b7c1652a62cc7458e736c63d4970eb1 by Miss Islington (bot) in branch '3.7': bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499) https://github.com/python/cpython/commit/024ea2170b7c1652a62cc7458e736c63d4970eb1

[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-07-02 Thread miss-islington
miss-islington added the comment: New changeset 3cba3d3c55f230a59174a0dfcafb1d4685269e60 by Miss Islington (bot) in branch '3.8': bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499) https://github.com/python/cpython/commit/3cba3d3c55f230a59174a0dfcafb1d4685269e60

[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-07-02 Thread miss-islington
Change by miss-islington: -- pull_requests: +14376 pull_request: https://github.com/python/cpython/pull/14559

[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-07-02 Thread miss-islington
Change by miss-islington: -- pull_requests: +14377 pull_request: https://github.com/python/cpython/pull/14560

[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-07-02 Thread miss-islington
miss-islington added the comment: New changeset 477b1b25768945621d466a8b3f0739297a842439 by Miss Islington (bot) (Christian Heimes) in branch 'master': bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499) https://github.com/python/cpython/commit/477b1b25768945621d466a8b3f0739297a842

[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-07-02 Thread Łukasz Langa
Łukasz Langa added the comment: FTR 3.8b2 is also waiting for this fix due to the expert's (that's you, Christian!) priority setting.

[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-07-02 Thread Christian Heimes
Christian Heimes added the comment: Riccardo, the issue is about parsing the user supplied hostname/ipaddress, not the IPAddress field of the certificate. X.509 certs store IP addresses as fixed-size binary data, 4 bytes for IPv4 or 16 bytes for IPv6. There can't be any additional payload.

[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-07-02 Thread Riccardo Schirone
Riccardo Schirone added the comment: As far as I know you can't request a hostname with spaces in it (which seems to be a precondition to trigger this bug) so I think an attacker cannot even create a malicious CA that would be mistakenly accepted by match_hostname. -- nosy: +rschiron

[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-07-02 Thread Ned Deily
Ned Deily added the comment: Ping. At the moment, this is the only release blocker preventing the release of 3.7.4rc2.

[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-07-01 Thread STINNER Victor
STINNER Victor added the comment: > It's a potential security bug although low severity. What is the worst that can happen with this issue? Either the client doesn't validate the cert at all, and so this issue has no impact, or the client validates the cert and trusts the CA, but the host isn

[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-06-30 Thread Christian Heimes
Change by Christian Heimes: -- keywords: +patch pull_requests: +14315 stage: needs patch -> patch review pull_request: https://github.com/python/cpython/pull/14499

[issue37463] socket.inet_aton IP parsing issue in ssl.match_hostname

2019-06-30 Thread Christian Heimes
New submission from Christian Heimes: inet_aton accepts trailing characters after a valid IP (https://bugzilla.redhat.com/show_bug.cgi?id=1347549). This, in combination with its use inside ssl.match_hostname, allows the following code to work when it should fail: import ssl cert = {'subjec