1berry/cpython
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

gh-100372: Use BIO_eof to detect EOF for SSL_FILETYPE_ASN1 (GH-100373)

Browse Source 
In PEM, we need to parse until error and then suppress `PEM_R_NO_START_LINE`, because PEM allows arbitrary leading and trailing data. DER, however, does not. Parsing until error and suppressing `ASN1_R_HEADER_TOO_LONG` doesn't quite work because that error also covers some cases that should be rejected.

Instead, check `BIO_eof` early and stop the loop that way.

Automerge-Triggered-By: GH:Yhg1s
This commit is contained in:
David Benjamin 2023-03-24 09:04:30 -04:00 committed by GitHub
parent 6a1c49a717
commit acfe02f3b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Lib/test/test_ssl.py
View File

@ -1289,6 +1289,8 @@ class ContextTests(unittest.TestCase):
"not enough data: cadata does not contain a certificate" "not enough data: cadata does not contain a certificate"
): ):
ctx.load_verify_locations(cadata=b"broken") ctx.load_verify_locations(cadata=b"broken")
with self.assertRaises(ssl.SSLError):
ctx.load_verify_locations(cadata=cacert_der + b"A")
@unittest.skipIf(Py_DEBUG_WIN32, "Avoid mixing debug/release CRT on Windows") @unittest.skipIf(Py_DEBUG_WIN32, "Avoid mixing debug/release CRT on Windows")
def test_load_dh_params(self): def test_load_dh_params(self):

2
Misc/NEWS.d/next/Library/2022-12-20-10-55-14.gh-issue-100372.utfP65.rst Normal file
View File

@ -0,0 +1,2 @@
:meth:`ssl.SSLContext.load_verify_locations` no longer incorrectly accepts
some cases of trailing data when parsing DER.

10
Modules/_ssl.c
View File

@ -3930,7 +3930,7 @@ _add_ca_certs(PySSLContext *self, const void *data, Py_ssize_t len,
{ {
BIO *biobuf = NULL; BIO *biobuf = NULL;
X509_STORE *store; X509_STORE *store;
int retval = -1, err, loaded = 0; int retval = -1, err, loaded = 0, was_bio_eof = 0;
assert(filetype == SSL_FILETYPE_ASN1 || filetype == SSL_FILETYPE_PEM); assert(filetype == SSL_FILETYPE_ASN1 || filetype == SSL_FILETYPE_PEM);
@ -3958,6 +3958,10 @@ _add_ca_certs(PySSLContext *self, const void *data, Py_ssize_t len,
int r; int r;
if (filetype == SSL_FILETYPE_ASN1) { if (filetype == SSL_FILETYPE_ASN1) {
if (BIO_eof(biobuf)) {
was_bio_eof = 1;
break;
}
cert = d2i_X509_bio(biobuf, NULL); cert = d2i_X509_bio(biobuf, NULL);
} else { } else {
cert = PEM_read_bio_X509(biobuf, NULL, cert = PEM_read_bio_X509(biobuf, NULL,
@ -3993,9 +3997,7 @@ _add_ca_certs(PySSLContext *self, const void *data, Py_ssize_t len,
} }
_setSSLError(get_state_ctx(self), msg, 0, __FILE__, __LINE__); _setSSLError(get_state_ctx(self), msg, 0, __FILE__, __LINE__);
retval = -1; retval = -1;
} else if ((filetype == SSL_FILETYPE_ASN1) && } else if ((filetype == SSL_FILETYPE_ASN1) && was_bio_eof) {
(ERR_GET_LIB(err) == ERR_LIB_ASN1) &&
(ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG)) {
/* EOF ASN1 file, not an error */ /* EOF ASN1 file, not an error */
ERR_clear_error(); ERR_clear_error();
retval = 0; retval = 0;