Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-lang/python/files/python-3.2-CVE-2013-2099.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-lang/python/files/python-3.2-CVE-2013-2099.patch')
-rw-r--r--dev-lang/python/files/python-3.2-CVE-2013-2099.patch51
1 files changed, 0 insertions, 51 deletions
diff --git a/dev-lang/python/files/python-3.2-CVE-2013-2099.patch b/dev-lang/python/files/python-3.2-CVE-2013-2099.patch
deleted file mode 100644
index 9055a03..0000000
--- a/dev-lang/python/files/python-3.2-CVE-2013-2099.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-# HG changeset patch
-# User Antoine Pitrou <solipsis@pitrou.net>
-# Date 1368892602 -7200
-# Sat May 18 17:56:42 2013 +0200
-# Branch 3.2
-# Node ID b9b521efeba385af0142988899a55de1c1c805c7
-# Parent 6255b40c6a6127933d8ea7a2b9de200f5a0e6154
-Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
-
-diff --git a/Lib/ssl.py b/Lib/ssl.py
---- a/Lib/ssl.py
-+++ b/Lib/ssl.py
-@@ -108,9 +108,16 @@
- pass
-
-
--def _dnsname_to_pat(dn):
-+def _dnsname_to_pat(dn, max_wildcards=1):
- pats = []
- for frag in dn.split(r'.'):
-+ if frag.count('*') > max_wildcards:
-+ # Issue #17980: avoid denials of service by refusing more
-+ # than one wildcard per fragment. A survery of established
-+ # policy among SSL implementations showed it to be a
-+ # reasonable choice.
-+ raise CertificateError(
-+ "too many wildcards in certificate DNS name: " + repr(dn))
- if frag == '*':
- # When '*' is a fragment by itself, it matches a non-empty dotless
- # fragment.
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -326,6 +326,17 @@
- self.assertRaises(ValueError, ssl.match_hostname, None, 'example.com')
- self.assertRaises(ValueError, ssl.match_hostname, {}, 'example.com')
-
-+ # Issue #17980: avoid denials of service by refusing more than one
-+ # wildcard per fragment.
-+ cert = {'subject': ((('commonName', 'a*b.com'),),)}
-+ ok(cert, 'axxb.com')
-+ cert = {'subject': ((('commonName', 'a*b.co*'),),)}
-+ ok(cert, 'axxb.com')
-+ cert = {'subject': ((('commonName', 'a*b*.com'),),)}
-+ with self.assertRaises(ssl.CertificateError) as cm:
-+ ssl.match_hostname(cert, 'axxbxxc.com')
-+ self.assertIn("too many wildcards", str(cm.exception))
-+
- def test_server_side(self):
- # server_hostname doesn't work for server sockets
- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)