authorChristian Heimes <christian@python.org>2016-09-06 23:27:06 +0200
committerChristian Heimes <christian@python.org>2016-09-06 23:27:06 +0200
commitff2ba8fe20928eba446883830e0238bed37435fa (patch)
treec62840137c2d07d8602b0f6b0fc4ed404943c623 /Modules/_ssl.c
parentdc659cc7eadb1ac32426e00730fe1c25837c966d (diff)
parent0e0c9096e87a3631b9d96eef406d3737d176631c (diff)
Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs.
Diffstat (limited to 'Modules/_ssl.c')
-rw-r--r--Modules/_ssl.c35
1 files changed, 34 insertions, 1 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index dcfa95ae82..b4fac44b62 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1007,6 +1007,35 @@ _get_peer_alt_names (X509 *certificate) {
PyTuple_SET_ITEM(t, 1, v);
break;
+ case GEN_RID:
+ t = PyTuple_New(2);
+ if (t == NULL)
+ goto fail;
+
+ v = PyUnicode_FromString("Registered ID");
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 0, v);
+
+ len = i2t_ASN1_OBJECT(buf, sizeof(buf)-1, name->d.rid);
+ if (len < 0) {
+ Py_DECREF(t);
+ _setSSLError(NULL, 0, __FILE__, __LINE__);
+ goto fail;
+ } else if (len >= (int)sizeof(buf)) {
+ v = PyUnicode_FromString("<INVALID>");
+ } else {
+ v = PyUnicode_FromStringAndSize(buf, len);
+ }
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 1, v);
+ break;
+
default:
/* for everything else, we use the OpenSSL print form */
switch (gntype) {
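Review bot: The truncation test in the new `GEN_RID` case, `len >= (int)sizeof(buf)`, looks one short of the size actually passed to `i2t_ASN1_OBJECT`, which is `sizeof(buf)-1`. If that call returns the full text length when the output does not fit (as OpenSSL's OBJ_obj2txt does), a result of exactly `sizeof(buf)-1` is already truncated, and `PyUnicode_FromStringAndSize(buf, len)` would then return a shortened OID ending in the terminating NUL instead of `<INVALID>`. Comparing against the passed size, `} else if (len >= (int)sizeof(buf) - 1) {`, closes that gap; the declaration of `buf` is outside the hunk, so this assumes it is a char array. Because the value comes from a peer certificate, a short comment on that branch such as `/* OID text did not fit in buf; report a marker rather than a truncated OID */` would also help the next reader.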
@@ -1033,8 +1062,12 @@ _get_peer_alt_names (X509 *certificate) {
goto fail;
}
vptr = strchr(buf, ':');
- if (vptr == NULL)
+ if (vptr == NULL) {
+ PyErr_Format(PyExc_ValueError,
+ "Invalid value %.200s",
+ buf);
goto fail;
+ }
t = PyTuple_New(2);
if (t == NULL)
goto fail;
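Review bot: The new `PyErr_Format` call copies up to 200 bytes of `buf` into the ValueError message, and `buf` appears to hold text printed from the certificate's alternative name (the code that fills it is outside the hunk), so the message carries certificate-controlled content. `%.200s` bounds the length but not the content, so newlines or control characters would pass through to whatever logs the exception. A comment above the call would make that explicit, e.g. `/* buf is derived from the peer certificate; treat the message as untrusted text */`. The message could also name the field, e.g. `"Invalid subject alternative name value %.200s"`, so the error is traceable to SAN parsing.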