
Author christian.heimes
Recipients alex, christian.heimes, dstufft, janssen, lukasz.langa, ned.deily, rschiron, vstinner
Date 2019-07-02.09:14:21
Message-id <1562058861.63.0.372473221474.issue37463@roundup.psfhosted.org>
Content
Riccardo, the issue is about parsing the user-supplied hostname/IP address, not the IPAddress field of the certificate. X.509 certs store IP addresses as fixed-size binary data, 4 bytes for IPv4 or 16 bytes for IPv6. There can't be any additional payload.

The bug is in the code that parses the user-supplied "hostname" parameter to ssl.match_hostname(cert, hostname). The bug allows an attacker to pass an IPv4 address with additional content and ssl.match_hostname() ignores this additional content. This example should fail, but does not fail with an exception:

>>> import ssl
>>> cert = {'subjectAltName': [('IP Address', '127.0.0.1 additional payload')]}
>>> ssl.match_hostname(cert, '127.0.0.1')
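As an added illustration (not part of this message and not CPython's ssl module code), the contrast between a lenient libc-backed IPv4 parse, which stops at whitespace, and a strict parse with the ipaddress module, used here in a matcher that refuses a hostname carrying extra text; the certificate dict and helper names are constructed for the example.

```python
import ipaddress
import socket

# Constructed sample certificate dict in the ssl.getpeercert() shape
# (not taken from the bug report).
SAMPLE_CERT = {'subjectAltName': [('IP Address', '127.0.0.1')]}


def lenient_parse_ipv4(text):
    """Lenient parse via socket.inet_aton(): on glibc/BSD it stops at
    whitespace, so '127.0.0.1 additional payload' yields 127.0.0.1.
    Returns the packed address, or None when the libc rejects the text."""
    try:
        return socket.inet_aton(text)
    except OSError:
        return None


def strict_parse_ip(text):
    """Strict parse via the ipaddress module, which accepts nothing but
    the address itself. Returns IPv4Address/IPv6Address, or None."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def strict_ip_match(cert, hostname):
    """Match a user-supplied hostname against the cert's 'IP Address' SAN
    entries with strict parsing on both sides. Raises ValueError when the
    hostname is not exactly an IP address (the behaviour asked for above)."""
    host_ip = strict_parse_ip(hostname)
    if host_ip is None:
        raise ValueError("hostname %r is not a valid IP address" % (hostname,))
    for kind, value in cert.get('subjectAltName', ()):
        if kind != 'IP Address':
            continue
        san_ip = strict_parse_ip(value)
        if san_ip is not None and san_ip == host_ip:
            return True
    return False


def rejects(cert, hostname):
    """True when strict_ip_match() refuses the hostname outright."""
    try:
        strict_ip_match(cert, hostname)
    except ValueError:
        return True
    return False
```

Run lenient_parse_ipv4('127.0.0.1 additional payload') on a glibc system to see the packed address come back, while strict_parse_ip returns None for the same input.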