This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: SSL module fails to handle NULL bytes inside subjectAltNames general names (CVE-2013-4238)
Type: security Stage: resolved
Components: Extension Modules Versions: Python 3.2
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: georg.brandl Nosy List: Anuj, Arfrever, abn, barry, benjamin.peterson, christian.heimes, dstufft, eric.araujo, georg.brandl, larry, python-dev, sYnfo, vstinner
Priority: release blocker Keywords: patch

Created on 2013-08-12 11:32 by christian.heimes, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
nullbytecert.pem christian.heimes, 2013-08-12 11:34 Malicious certificate
CVE-2013-4073_py34.patch christian.heimes, 2013-08-12 11:34 Patch for Python 3.4 review
CVE-2013-4073_py33.patch christian.heimes, 2013-08-12 11:34 Patch for Python 3.3 review
CVE-2013-4073_py27.patch christian.heimes, 2013-08-12 11:35 Patch for Python 2.7 review
CVE-2013-4073_py26.patch christian.heimes, 2013-08-16 00:37 review
CVE-2013-4238-py31.patch christian.heimes, 2013-08-16 23:22 Patch for Python 3.1 review
CVE-2013-4238-py32.patch christian.heimes, 2013-08-16 23:25 Patch for Python 3.2 review
Messages (31)
msg194944 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-12 11:32
Ryan Sleevi of the Google Chrome Security Team has informed us that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. It's related to Ruby's CVE-2013-4073 http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/

Although Python uses a slightly different OpenSSL API to parse a X.509 certificate and turn its fields into a dictionary, our implementation eventually uses an OpenSSL function that fails to handle NULL bytes. This could lead to a breach when an application uses ssl.match_hostname() to match the hostname againt the certificate's subjectAltName's dNSName general names.

When the Ruby issues was announced publicly I already suspected that our code may suffer from the same issue. But I was unable to generate a X.509 certificate with a NULL byte in its X509v3 subjectAltName extension, only in subject and issuer. OpenSSL's config file format just didn't support NULL bytes. But Our code handled the NULL byte in subject in issuer just fine so I gave up. In the light of the bug report I went a different path and eventually I came up with a malicious certificate that showed the reported bug.
msg194945 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-12 11:34
Demo certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
        Validity
            Not Before: Aug  7 13:11:52 2013 GMT
            Not After : Aug  7 13:12:52 2013 GMT
        Subject: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b5:ea:ed:c9:fb:46:7d:6f:3b:76:80:dd:3a:f3:
                    03:94:0b:a7:a6:db:ec:1d:df:ff:23:74:08:9d:97:
                    16:3f:a3:a4:7b:3e:1b:0e:96:59:25:03:a7:26:e2:
                    88:a9:cf:79:cd:f7:04:56:b0:ab:79:32:6e:59:c1:
                    32:30:54:eb:58:a8:cb:91:f0:42:a5:64:27:cb:d4:
                    56:31:88:52:ad:cf:bd:7f:f0:06:64:1f:cc:27:b8:
                    a3:8b:8c:f3:d8:29:1f:25:0b:f5:46:06:1b:ca:02:
                    45:ad:7b:76:0a:9c:bf:bb:b9:ae:0d:16:ab:60:75:
                    ae:06:3e:9c:7c:31:dc:92:2f:29:1a:e0:4b:0c:91:
                    90:6c:e9:37:c5:90:d7:2a:d7:97:15:a3:80:8f:5d:
                    7b:49:8f:54:30:d4:97:2c:1c:5b:37:b5:ab:69:30:
                    68:43:d3:33:78:4b:02:60:f5:3c:44:80:a1:8f:e7:
                    f0:0f:d1:5e:87:9e:46:cf:62:fc:f9:bf:0c:65:12:
                    f1:93:c8:35:79:3f:c8:ec:ec:47:f5:ef:be:44:d5:
                    ae:82:1e:2d:9a:9f:98:5a:67:65:e1:74:70:7c:cb:
                    d3:c2:ce:0e:45:49:27:dc:e3:2d:d4:fb:48:0e:2f:
                    9e:77:b8:14:46:c0:c4:36:ca:02:ae:6a:91:8c:da:
                    2f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name:
                *************************************************************
                WARNING: The values for DNS, email and URI are WRONG. OpenSSL
                         doesn't print the text after a NULL byte.
                *************************************************************
                DNS:altnull.python.org, email:null@python.org, URI:http://null.python.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
    Signature Algorithm: sha1WithRSAEncryption
         ac:4f:45:ef:7d:49:a8:21:70:8e:88:59:3e:d4:36:42:70:f5:
         a3:bd:8b:d7:a8:d0:58:f6:31:4a:b1:a4:a6:dd:6f:d9:e8:44:
         3c:b6:0a:71:d6:7f:b1:08:61:9d:60:ce:75:cf:77:0c:d2:37:
         86:02:8d:5e:5d:f9:0f:71:b4:16:a8:c1:3d:23:1c:f1:11:b3:
         56:6e:ca:d0:8d:34:94:e6:87:2a:99:f2:ae:ae:cc:c2:e8:86:
         de:08:a8:7f:c5:05:fa:6f:81:a7:82:e6:d0:53:9d:34:f4:ac:
         3e:40:fe:89:57:7a:29:a4:91:7e:0b:c6:51:31:e5:10:2f:a4:
         60:76:cd:95:51:1a:be:8b:a1:b0:fd:ad:52:bd:d7:1b:87:60:
         d2:31:c7:17:c4:18:4f:2d:08:25:a3:a7:4f:b7:92:ca:e2:f5:
         25:f1:54:75:81:9d:b3:3d:61:a2:f7:da:ed:e1:c6:6f:2c:60:
         1f:d8:6f:c5:92:05:ab:c9:09:62:49:a9:14:ad:55:11:cc:d6:
         4a:19:94:99:97:37:1d:81:5f:8b:cf:a3:a8:96:44:51:08:3d:
         0b:05:65:12:eb:b6:70:80:88:48:72:4f:c6:c2:da:cf:cd:8e:
         5b:ba:97:2f:60:b4:96:56:49:5e:3a:43:76:63:04:be:2a:f6:
         c1:ca:a9:94

The correct values are:

(('DNS', 'altnull.python.org\x00example.com'),
 ('email', 'null@python.org\x00user@example.org'),
 ('URI', 'http://null.python.org\x00http://example.org'),
 ('IP Address', '192.0.2.1'),
 ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
msg194958 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2013-08-12 13:02
Does it really make sense to allow to open a certificate containing a NUL byte in its name? How does OpenSSL and other projects handle this case?
msg194959 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-12 13:14
OpenSSL's print() functions fail to handle the NULL byte in subjectAltName (SAN) general names as they use strlen() or printf() functions with "%s" format char. The subject and issuer elements with NULL bytes are handled correctly by OpenSSL.

wget and curl combine CN / SAN parsing and hostname matching in one function. Both report an error when they see a NULL byte in a dNSName (strlen(dNSName) != lengtt of ASN1_STRING).

Python has separate functions for retrieving the X.509 information and matching a hostname against CN / SAN. I like to keep it that way and just for our parsing code in this bug. Latter ssl.match_hostname() can check for NULL bytes and raise an exception, but that's a different issue.
msg195043 - (view) Author: Arun Babu Neelicattu (abn) * Date: 2013-08-13 03:05
This issue has been assigned CVE-2013-4238 [1].

Please use CVE-2013-4238 for this issue in Python for patches and references.

[1] http://www.openwall.com/lists/oss-security/2013/08/13/2
msg195056 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-13 08:56
Thanks! The title now references the new CVE #.
msg195069 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-13 12:10
Python 3.1 is affected, too. 3.1 will recieve security fixes until June 2014.
msg195307 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-16 00:37
Brian Cameron from Oracle has requested a fix for Python 2.6. I have attached a patch for 2.6. In order to compile and test the patch I had to modify _ssl.c to handle OPENSSL_NO_SSL2. I also copied keycert.pem from 2.7 to fix two test failures. The former keycert.pem has expired.

It's a bit of a challenge to compile Python 2.6 on modern Linux OS. I had to set a couple of flags and overwrite MACHDEP:

export arch=$(dpkg-architecture -qDEB_HOST_MULTIARCH)
export LDFLAGS="-L/usr/lib/$arch -L/lib/$arch"
export CFLAGS="-I/usr/include/$arch"
export CPPFLAGS="-I/usr/include/$arch"
./configure --config-cache --with-pydebug
make -j4 MACHDEP=linux2
msg195347 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-16 16:03
For the record PHP has assigned CVE-2013-4248 for the issue.
msg195438 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2013-08-16 23:11
New changeset c9f073e593b0 by Christian Heimes in branch '3.3':
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
http://hg.python.org/cpython/rev/c9f073e593b0

New changeset 7a0f398d1a5c by Christian Heimes in branch 'default':
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
http://hg.python.org/cpython/rev/7a0f398d1a5c

New changeset bd2360476bdb by Christian Heimes in branch '2.7':
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
http://hg.python.org/cpython/rev/bd2360476bdb
msg195440 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-16 23:22
I have applied the patch to 2.7, 3.3 and 3.4.

Barry, Benjamin, Georg:
Are you going to apply the patches yourselves?
msg195992 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2013-08-23 17:38
New changeset 79007c4244d6 by Barry Warsaw in branch '2.6':
- Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
http://hg.python.org/cpython/rev/79007c4244d6
msg196113 - (view) Author: Charles-François Natali (neologix) * (Python committer) Date: 2013-08-25 08:21
The test is failing on Tiger buildbots:

"""
======================================================================
FAIL: test_parse_cert_CVE_2013_4238 (test.test_ssl.BasicSocketTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/db3l/buildarea/3.x.bolen-tiger/build/Lib/test/test_ssl.py", line 230, in test_parse_cert_CVE_2013_4238
    ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
AssertionError: Tuples differ: (('DNS', 'altnull.python.org\x... != (('DNS', 'altnull.python.org\x...

First differing element 4:
('IP Address', '<invalid>')
('IP Address', '2001:DB8:0:0:0:0:0:1\n')

  (('DNS', 'altnull.python.org\x00example.com'),
   ('email', 'null@python.org\x00user@example.org'),
   ('URI', 'http://null.python.org\x00http://example.org'),
   ('IP Address', '192.0.2.1'),
-  ('IP Address', '<invalid>'))
+  ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))

----------------------------------------------------------------------
"""

http://buildbot.python.org/all/builders/x86 Tiger 3.x/builds/6829/steps/test/logs/stdio
msg196121 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2013-08-25 12:15
New changeset 004743d210e4 by Christian Heimes in branch '3.3':
Issue #18709: Fix issue with IPv6 address in subjectAltName on Mac OS X Tiger
http://hg.python.org/cpython/rev/004743d210e4

New changeset 577e9402cadd by Christian Heimes in branch 'default':
Issue #18709: Fix issue with IPv6 address in subjectAltName on Mac OS X Tiger
http://hg.python.org/cpython/rev/577e9402cadd

New changeset 1cd24ea5abeb by Christian Heimes in branch '2.7':
Issue #18709: Fix issue with IPv6 address in subjectAltName on Mac OS X Tiger
http://hg.python.org/cpython/rev/1cd24ea5abeb

New changeset 50803d881a92 by Christian Heimes in branch '2.6':
Issue #18709: Fix issue with IPv6 address in subjectAltName on Mac OS X Tiger
http://hg.python.org/cpython/rev/50803d881a92
msg196122 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-25 12:16
Tiger has OpenSSL 0.9.7 which doesn't support IPv6 addresses. I have added a workaround.
msg196565 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-30 17:43
It's not fixed in 3.1 and 3.2 yet. Please re-open the issue. I can't do it because I'm not at home.

"Charles-François Natali" <report@bugs.python.org> schrieb:
>
>Changes by Charles-François Natali <cf.natali@gmail.com>:
>
>
>----------
>resolution:  -> fixed
>stage: patch review -> committed/rejected
>status: open -> closed
>
>_______________________________________
>Python tracker <report@bugs.python.org>
><http://bugs.python.org/issue18709>
>_______________________________________
msg196566 - (view) Author: Charles-François Natali (neologix) * (Python committer) Date: 2013-08-30 17:44
Oops.
msg196776 - (view) Author: Matěj Stuchlík (sYnfo) Date: 2013-09-02 09:47
Doing 'valgrind --suppressions=valgrind-python.supp ./python Lib/tests/regrtest.py test_ssl.py' I'm getting

==11944== LEAK SUMMARY:
==11944==    definitely lost: 32 bytes in 1 blocks
==11944==    indirectly lost: 392 bytes in 16 blocks
==11944==      possibly lost: 27,008 bytes in 58 blocks
==11944==    still reachable: 4,267,092 bytes in 4,124 blocks
==11944==         suppressed: 32 bytes in 1 blocks

and as far as I can tell the leak is introduced by this patch, I can't seem to figure out what could be causing it though.
msg196777 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-09-02 10:51
I can't reproduce the memory leak. valgrind's output doesn't show suspicious memory leaks.

./configure --with-pydebug --config-cache
valgrind --suppressions=Misc/valgrind-python.supp ./python Lib/test/test_ssl.py

Python 3.4 tip
--------------

==26085== HEAP SUMMARY:
==26085==     in use at exit: 1,286,703 bytes in 3,778 blocks
==26085==   total heap usage: 210,241 allocs, 206,463 frees, 62,923,839 bytes allocated
==26085== 
==26085== LEAK SUMMARY:
==26085==    definitely lost: 0 bytes in 0 blocks
==26085==    indirectly lost: 0 bytes in 0 blocks
==26085==      possibly lost: 1,148,038 bytes in 555 blocks
==26085==    still reachable: 138,665 bytes in 3,223 blocks
==26085==         suppressed: 0 bytes in 0 blocks


Python 3.4.0a1 (without patch)
------------------------------
==32513== HEAP SUMMARY:
==32513==     in use at exit: 1,708,298 bytes in 4,120 blocks
==32513==   total heap usage: 237,965 allocs, 233,845 frees, 94,637,130 bytes allocated
==32513== 
==32513== LEAK SUMMARY:
==32513==    definitely lost: 0 bytes in 0 blocks
==32513==    indirectly lost: 0 bytes in 0 blocks
==32513==      possibly lost: 1,568,077 bytes in 893 blocks
==32513==    still reachable: 140,221 bytes in 3,227 blocks
==32513==         suppressed: 0 bytes in 0 blocks
==32513== Rerun with --leak-check=full to see details of leaked memory


Python 2.7 tip
--------------

==3184== HEAP SUMMARY:
==3184==     in use at exit: 6,411,895 bytes in 4,757 blocks
==3184==   total heap usage: 16,245 allocs, 11,488 frees, 32,948,412 bytes allocated
==3184== 
==3184== LEAK SUMMARY:
==3184==    definitely lost: 0 bytes in 0 blocks
==3184==    indirectly lost: 0 bytes in 0 blocks
==3184==      possibly lost: 1,823,596 bytes in 1,505 blocks
==3184==    still reachable: 4,588,299 bytes in 3,252 blocks
==3184==         suppressed: 0 bytes in 0 blocks
msg196779 - (view) Author: Matěj Stuchlík (sYnfo) Date: 2013-09-02 11:38
Oh, I only checked the particular commit that fixed this issue in 2.6 (50803d881a92). I am not getting any leaks in 2.6 tip either, so I guess it was fixed somewhere along the way.

Sorry for the confusion!
msg196999 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2013-09-05 14:06
New changeset 90040e560527 by Christian Heimes in branch '3.3':
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
http://hg.python.org/cpython/rev/90040e560527

New changeset 4e93f32176fb by Christian Heimes in branch 'default':
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
http://hg.python.org/cpython/rev/4e93f32176fb

New changeset 07ee48ce4513 by Christian Heimes in branch '2.6':
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
http://hg.python.org/cpython/rev/07ee48ce4513

New changeset a7d5b86ffb95 by Christian Heimes in branch '2.7':
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
http://hg.python.org/cpython/rev/a7d5b86ffb95
msg197692 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2013-09-14 07:16
Christian, is the -py32 patch still up to date?
msg197793 - (view) Author: Barry A. Warsaw (barry) * (Python committer) Date: 2013-09-15 17:00
I'm removing 2.6 from the Versions field since AFAIK we've resolved this issue for 2.6.  This way it'll be easier to scan the blockers for 2.6.9.

If anyone things we still have things to address for this issue in 2.6.9, please reassign it or follow up.
msg200343 - (view) Author: Larry Hastings (larry) * (Python committer) Date: 2013-10-19 01:17
So, this is fixed, but there's some suspicion of a memory leak?
If that's true, maybe we could mark this as closed then open a new
bug for the leak?  This shows up as a big scary "release blocker"
against 3.4, and I'm like making releases and stuff.
msg200377 - (view) Author: Matěj Stuchlík (sYnfo) Date: 2013-10-19 06:36
There's no longer any suspicion, no, at least from my side.
msg200395 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-10-19 10:17
I don't get it. Has somebody found a memory leak in my patch?

Larry, I have removed 2.7, 3.3 and 3.4 from the affected versions. They fix has already landed. 3.1 and 3.2 are still open, though.

Georg, the patch for 3.2 is still up to date. Are you going to commit it?
msg203168 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-11-17 14:22
The patch hasn't been committed to 3.2 yet.
msg214973 - (view) Author: Éric Araujo (eric.araujo) * (Python committer) Date: 2014-03-27 17:34
Not sure if 3.2 is still open to security fixes.
msg227894 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2014-09-30 12:47
New changeset 386b0f478117 by Georg Brandl in branch '3.2':
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
https://hg.python.org/cpython/rev/386b0f478117
msg323510 - (view) Author: Anuj (Anuj) Date: 2018-08-14 12:22
Do we have patch for 3.1 version, or 3.2 patch will be also OK?
msg323514 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-08-14 12:45
These Python versions no longer receive security updates. Please update.
History
Date User Action Args
2022-04-11 14:57:49adminsetgithub: 62909
2018-08-14 12:45:53christian.heimessetmessages: + msg323514
2018-08-14 12:22:27Anujsetnosy: + Anuj
messages: + msg323510
2014-09-30 12:47:58georg.brandlsetstatus: open -> closed
2014-09-30 12:47:30python-devsetmessages: + msg227894
2014-03-27 17:34:19eric.araujosetnosy: + eric.araujo
messages: + msg214973
2013-11-17 14:22:18christian.heimessetassignee: georg.brandl
messages: + msg203168
versions: - Python 3.1
2013-10-19 10:17:50christian.heimessetmessages: + msg200395
versions: - Python 2.7, Python 3.3, Python 3.4
2013-10-19 06:36:41sYnfosetmessages: + msg200377
2013-10-19 01:17:53larrysetmessages: + msg200343
2013-09-15 17:00:42barrysetmessages: + msg197793
versions: - Python 2.6
2013-09-14 13:38:15neologixsetnosy: - neologix
2013-09-14 07:16:03georg.brandlsetpriority: critical -> release blocker
nosy: + larry
messages: + msg197692

2013-09-05 14:06:59python-devsetmessages: + msg196999
2013-09-03 17:00:12Arfreversettitle: SSL module fails to handle NULL bytes inside subjectAltNames general names (CVE-2013-4238) -> SSL module fails to handle NULL bytes inside subjectAltNames general names (CVE-2013-4238)
2013-09-02 11:38:34sYnfosetmessages: + msg196779
2013-09-02 10:51:30christian.heimessetmessages: + msg196777
2013-09-02 09:47:15sYnfosetnosy: + sYnfo
messages: + msg196776
2013-08-30 17:44:42neologixsetstatus: closed -> open

messages: + msg196566
2013-08-30 17:43:31christian.heimessetmessages: + msg196565
title: SSL module fails to handle NULL bytes inside subjectAltNames general names (CVE-2013-4238) -> SSL module fails to handle NULL bytes inside subjectAltNames general names (CVE-2013-4238)
2013-08-30 17:33:51neologixsetstatus: open -> closed
resolution: fixed
stage: patch review -> resolved
2013-08-25 12:16:16christian.heimessetmessages: + msg196122
2013-08-25 12:15:06python-devsetmessages: + msg196121
2013-08-25 09:04:27dstufftsetnosy: + dstufft
2013-08-25 08:21:21neologixsetnosy: + neologix
messages: + msg196113
2013-08-23 17:38:48python-devsetmessages: + msg195992
2013-08-16 23:25:16christian.heimessetfiles: + CVE-2013-4238-py32.patch
2013-08-16 23:22:54christian.heimessetfiles: + CVE-2013-4238-py31.patch
2013-08-16 23:22:25christian.heimessetnosy: + georg.brandl, benjamin.peterson
messages: + msg195440
2013-08-16 23:11:12python-devsetnosy: + python-dev
messages: + msg195438
2013-08-16 16:03:31christian.heimessetmessages: + msg195347
2013-08-16 00:37:06christian.heimessetfiles: + CVE-2013-4073_py26.patch

messages: + msg195307
2013-08-13 12:10:09christian.heimessetmessages: + msg195069
versions: + Python 3.1
2013-08-13 11:22:17Arfreversetnosy: + Arfrever
2013-08-13 08:56:55christian.heimessetmessages: + msg195056
title: SSL module fails to handle NULL bytes inside subjectAltNames general names (CVE-2013-4073) -> SSL module fails to handle NULL bytes inside subjectAltNames general names (CVE-2013-4238)
2013-08-13 03:05:11abnsetnosy: + abn
messages: + msg195043
2013-08-12 13:14:14christian.heimessetmessages: + msg194959
2013-08-12 13:08:07barrysetnosy: + barry
2013-08-12 13:02:36vstinnersetnosy: + vstinner
messages: + msg194958
2013-08-12 11:35:06christian.heimessetfiles: + CVE-2013-4073_py27.patch
2013-08-12 11:34:49christian.heimessetfiles: + CVE-2013-4073_py33.patch
2013-08-12 11:34:31christian.heimessetfiles: + CVE-2013-4073_py34.patch
keywords: + patch
2013-08-12 11:34:13christian.heimessetfiles: + nullbytecert.pem

messages: + msg194945
2013-08-12 11:32:52christian.heimescreate