Message 347123
Riccardo, the issue is about parsing the user supplied hostname/ipaddress, not the IPAddress field of the certificate. X.509 certs store IP addresses as fixed-size binary data, 4 bytes for IPv4 or 16 bytes for IPv6. There can't be any additional payload.
The bug is in the code that parses the user supplied "hostname" parameter to ssl.match_hostname(cert, hostname). The bug allows an attacker to pass an IPv4 address with additional content and ssl.match_hostname() ignores this additional content. This example should fail, but does not fail with an exception:
>>> import ssl
>>> cert = {'subjectAltName': [('IP Address', '127.0.0.1 additional payload')]}
>>> ssl.match_hostname(cert, '127.0.0.1')   # returns None (match) instead of raising ssl.CertificateError
History:

Date | User | Action | Args
2019-07-02 09:14:21 | christian.heimes | set | recipients: + christian.heimes, janssen, vstinner, ned.deily, alex, lukasz.langa, dstufft, rschiron
2019-07-02 09:14:21 | christian.heimes | set | messageid: <1562058861.63.0.372473221474.issue37463@roundup.psfhosted.org>
2019-07-02 09:14:21 | christian.heimes | link | issue37463 messages
2019-07-02 09:14:21 | christian.heimes | create |
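The failure mode discussed in this message, as an added example that is neither the reporter's code nor CPython's ssl module: a strict parser for IP literals plus a minimal matcher in the shape of ssl.match_hostname(). The lenient parser behind the bug is socket.inet_aton(), which on common libc implementations accepts short forms such as '127.1' and, after whitespace, arbitrary trailing data; the hardening shown here is a round-trip check (only accept an IPv4 string whose canonical rendering reproduces it exactly) and socket.inet_pton() for IPv6, which rejects trailing data outright. The names strict_inet_paton, match_ip_address, is_strict_ip_literal and ip_matches are assumptions chosen for this example, and the certificate dicts are constructed inline in the getpeercert() shape.

```python
"""Strict matching of subjectAltName 'IP Address' entries.

Added example; not the reporter's code and not CPython's ssl module.
Helper names are chosen for this example only.
"""
import socket


class CertificateError(ValueError):
    """Raised when the certificate does not match the requested address."""


def strict_inet_paton(ipname):
    """Convert a quad-dotted IPv4 or an IPv6 literal to packed bytes.

    Raises ValueError for anything else, including the short form '127.1'
    and an address followed by trailing data such as '127.0.0.1 junk'.
    """
    try:
        packed = socket.inet_aton(ipname)
    except OSError:
        packed = None
    if packed is not None:
        # inet_aton is lenient on many platforms: it accepts '127.1' and,
        # on glibc and BSD libc, '127.0.0.1 whatever'. Whether or not the
        # local libc accepted the trailing data, the canonical rendering
        # must reproduce the input exactly, otherwise the input is refused.
        if socket.inet_ntoa(packed) != ipname:
            raise ValueError(f"{ipname!r} is not a quad-dotted IPv4 address")
        return packed
    try:
        # inet_pton is strict: trailing data makes it fail.
        return socket.inet_pton(socket.AF_INET6, ipname)
    except OSError:
        raise ValueError(f"{ipname!r} is neither an IPv4 nor an IPv6 literal") from None


def is_strict_ip_literal(text):
    """True if strict_inet_paton() accepts the string."""
    try:
        strict_inet_paton(text)
    except ValueError:
        return False
    return True


def match_ip_address(cert, hostname):
    """Match a decoded certificate against an IP literal.

    `cert` uses the dict shape returned by SSLSocket.getpeercert():
    {'subjectAltName': (('IP Address', '127.0.0.1'), ...)}.
    Returns None on success and raises CertificateError otherwise, the
    contract ssl.match_hostname() used. A hostname that is not an IP
    literal raises ValueError (DNS names are out of scope here).
    """
    host_ip = strict_inet_paton(hostname)
    san = cert.get("subjectAltName", ())
    ip_entries = [value for key, value in san if key == "IP Address"]
    for entry in ip_entries:
        try:
            # OpenSSL may append a newline to IPv6 SAN entries; trailing
            # whitespace is stripped, anything else stays and is rejected.
            packed = strict_inet_paton(entry.rstrip())
        except ValueError:
            # Malformed SAN entry: fail closed, never match on a prefix.
            continue
        if packed == host_ip:
            return None
    if not ip_entries:
        raise CertificateError("no subjectAltName IP Address entries in certificate")
    raise CertificateError(f"IP address {hostname!r} doesn't match any of {ip_entries!r}")


def ip_matches(cert, hostname):
    """Boolean wrapper around match_ip_address() for callers that prefer no exception."""
    try:
        match_ip_address(cert, hostname)
    except CertificateError:
        return False
    return True


if __name__ == "__main__":
    # Constructed certificate dicts, one benign and one carrying trailing data.
    good = {"subjectAltName": (("IP Address", "127.0.0.1"),)}
    bad = {"subjectAltName": (("IP Address", "127.0.0.1 additional payload"),)}
    print("good cert matches 127.0.0.1:", ip_matches(good, "127.0.0.1"))
    print("bad cert matches 127.0.0.1: ", ip_matches(bad, "127.0.0.1"))
```

The round-trip check is the property worth keeping in mind whenever a lenient parser such as inet_aton() feeds an equality test: two inputs that differ as strings must not become equal as bytes. Note that ssl.match_hostname() was deprecated in Python 3.7 and removed in 3.12; on current versions hostname and IP verification is done by OpenSSL through SSLContext.check_hostname, so this example is about the class of bug, not a drop-in replacement.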