Christian Heimes <[email protected]> added the comment:
Riccardo, the issue is about parsing the user-supplied hostname/IP address, not
the IPAddress field of the certificate. X.509 certs store IP addresses as
fixed-size binary data, 4 bytes for IPv4 or 16 bytes for IPv6. There can't be
any additional payload.
The bug is in the code that parses the user-supplied "hostname" parameter to
ssl.match_hostname(cert, hostname). The bug allows an attacker to pass an IPv4
address with additional content, and ssl.match_hostname() ignores this
additional content. This example should fail, but does not fail with an
exception:
>>> import ssl
>>> cert = {'subjectAltName': [('IP Address', '127.0.0.1 additional payload')]}
>>> ssl.match_hostname(cert, '127.0.0.1')  # bug: returns without raising
----------
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue37463>
_______________________________________
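The parsing problem described in the comment above, as an added example that is not part of the bug report and not CPython's ssl module code: socket.inet_aton() is the C library's lenient parser and, on glibc and BSD, accepts trailing data after whitespace, so a check built on it must confirm that the whole string was consumed. The pack/unpack round trip below is one way to do that. The function names (strict_inet_paton, is_strict_ipv4, lenient_accepts, ip_san_matches, classify), the cert dicts and the hostnames are constructed for this example; the cert dict shape follows what ssl.SSLSocket.getpeercert() returns.

```python
import socket


def strict_inet_paton(ipname):
    """Convert a quad-dotted IPv4 address to packed form, rejecting anything else.

    socket.inet_aton() accepts short forms such as '127.1' or '1' and, on
    glibc and BSD, trailing data after whitespace ('127.0.0.1 additional
    payload'). What it tolerates is platform dependent, so a successful call
    proves nothing about the rest of the string. Packing and unpacking yields
    the canonical text; only input that reproduces itself byte for byte is
    accepted.
    """
    try:
        packed = socket.inet_aton(ipname)
    except OSError:
        raise ValueError(f"{ipname!r} is not an IPv4 address") from None
    if socket.inet_ntoa(packed) != ipname:
        raise ValueError(f"{ipname!r} is not a quad-dotted IPv4 address")
    return packed


def is_strict_ipv4(ipname):
    """True if strict_inet_paton() accepts `ipname`."""
    try:
        strict_inet_paton(ipname)
    except ValueError:
        return False
    return True


def lenient_accepts(ipname):
    """True if this platform's inet_aton() swallows `ipname` without error.

    Platform dependent: on glibc this is True for '127.0.0.1 additional payload'.
    """
    try:
        socket.inet_aton(ipname)
    except OSError:
        return False
    return True


def ip_san_matches(cert, hostname):
    """Hypothetical IP branch of a hostname check, strict on both sides.

    `cert` has the shape returned by ssl.SSLSocket.getpeercert():
    {'subjectAltName': [('IP Address', '10.0.0.1'), ('DNS', 'example.org')]}.
    The user-supplied `hostname` and every 'IP Address' entry must be canonical
    quad-dotted addresses; any other string raises ValueError instead of being
    silently truncated at the first whitespace.
    """
    host_ip = strict_inet_paton(hostname)
    return any(
        kind == "IP Address" and strict_inet_paton(value) == host_ip
        for kind, value in cert.get("subjectAltName", ())
    )


def classify(cert, hostname):
    """'match', 'mismatch', or 'rejected' (strict parsing raised ValueError)."""
    try:
        return "match" if ip_san_matches(cert, hostname) else "mismatch"
    except ValueError:
        return "rejected"


# Constructed inputs for this example.
GOOD_CERT = {"subjectAltName": [("DNS", "example.org"), ("IP Address", "127.0.0.1")]}
PAYLOAD_CERT = {"subjectAltName": [("IP Address", "127.0.0.1 additional payload")]}
PAYLOAD_HOST = "127.0.0.1 additional payload"


if __name__ == "__main__":
    for name in ("127.0.0.1", "127.1", "1", "127.0.0.1\n", PAYLOAD_HOST, "256.0.0.1"):
        print(f"{name!r}: inet_aton={lenient_accepts(name)} strict={is_strict_ipv4(name)}")
    print(classify(GOOD_CERT, "127.0.0.1"))     # match
    print(classify(GOOD_CERT, "10.0.0.1"))      # mismatch
    print(classify(PAYLOAD_CERT, "127.0.0.1"))  # rejected
    print(classify(GOOD_CERT, PAYLOAD_HOST))    # rejected
```

The round trip also refuses the short notations inet_aton() accepts ('127.1', '1'), which is desirable here: a hostname check should only ever see the one canonical spelling of an address. The pure-Python ipaddress module is a second option, since ipaddress.IPv4Address('127.0.0.1 additional payload') raises AddressValueError without consulting the C library at all.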