Title: Fix buffer handling of OBJ_obj2txt
Type: behavior Stage:
Components: SSL Versions: Python 3.7, Python 3.6, Python 3.5, Python 2.7
Status: open Resolution:
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: christian.heimes, serhiy.storchaka
Priority: critical Keywords: patch

Created on 2017-05-29 07:19 by christian.heimes, last changed 2017-05-29 12:12 by serhiy.storchaka.

File name Uploaded Description Edit
issue30502-simpler.diff serhiy.storchaka, 2017-05-29 12:12
Pull Requests
URL Status Linked Edit
PR 1852 open christian.heimes, 2017-05-29 07:20
Messages (4)
msg294679 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-05-29 07:19
Frawser Tweedle from Red Hat's identity management team found an issue in PyCA cryptography's handling of buffers for OpenSSL OBJ_obj2txt(). Cryptography fails to handle long OIDs as used by Active Directory.

CPython's ssl module doesn't handle buffer allocation for OBJ_obj2txt() correctly, too. A default buffer size of 255+1 makes the bug less likely to occur, though. We should fix the problem anyway.
msg294684 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-05-29 09:04
Can the common code of _create_tuple_for_attribute() and asn1obj2py() be shared?
msg294687 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-05-29 09:46
IMO it doesn't make sense to share a couple of lines of code. It makes the code even harder to read.
msg294690 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-05-29 12:12
Your PR LGTM. But I think the code can be much simpler.

Here is a patch that shares common code and applies other simplifications to surrounded code. PR 1852 increases the total number of lines by 37 lines, issue30502-simpler.diff -- only by 3 lines.

PR 1852: 1 file changed, 49 insertions(+), 12 deletions(-)
issue30502-simpler.diff: 1 file changed, 46 insertions(+), 43 deletions(-)
Date User Action Args
2017-05-29 12:12:08serhiy.storchakasetfiles: + issue30502-simpler.diff
keywords: + patch
messages: + msg294690
2017-05-29 09:46:54christian.heimessetmessages: + msg294687
2017-05-29 09:04:59serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg294684
2017-05-29 07:20:47christian.heimessetpull_requests: + pull_request1935
2017-05-29 07:19:13christian.heimescreate