Minix/pkgsrc-ng
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Import of pkgsrc-2014Q1

Browse Source
This commit is contained in:
Lionel Sambuc
2014-04-17 16:38:45 +02:00
parent 785076ae39
commit 9a8c06dafb
19365 changed files with 828089 additions and 278039 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
lang/python27/patches/patch-Modules___ssl.c
View File

@@ -1,11 +1,8 @@
$NetBSD: patch-Modules___ssl.c,v 1.1.2.1 2013/08/21 11:47:14 tron Exp $
$NetBSD: patch-Modules___ssl.c,v 1.3 2013/11/12 18:57:25 adam Exp $
* from cygport 2.6.2-ssl-threads.patch
Cygwin fix from cygport 2.6.2-ssl-threads.patch
patch for CVE-2013-4238 taken from
http://hg.python.org/cpython/rev/bd2360476bdb
--- Modules/_ssl.c.orig 2013-04-06 14:02:36.000000000 +0000
--- Modules/_ssl.c.orig 2013-11-10 07:36:41.000000000 +0000
+++ Modules/_ssl.c
@@ -16,6 +16,10 @@
@@ -17,97 +14,4 @@ http://hg.python.org/cpython/rev/bd2360476bdb
+
#ifdef WITH_THREAD
#include "pythread.h"
#define PySSL_BEGIN_ALLOW_THREADS { \
@@ -738,13 +742,16 @@ _get_peer_alt_names (X509 *certificate)
ext->value->length));
for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
-
/* get a rendering of each name in the set of names */
+ int gntype;
+ ASN1_STRING *as = NULL;
name = sk_GENERAL_NAME_value(names, j);
- if (name->type == GEN_DIRNAME) {
-
- /* we special-case DirName as a tuple of tuples of attributes */
+ gntype = name-> type;
+ switch (gntype) {
+ case GEN_DIRNAME:
+ /* we special-case DirName as a tuple of
+ tuples of attributes */
t = PyTuple_New(2);
if (t == NULL) {
@@ -764,11 +771,61 @@ _get_peer_alt_names (X509 *certificate)
goto fail;
}
PyTuple_SET_ITEM(t, 1, v);
+ break;
- } else {
+ case GEN_EMAIL:
+ case GEN_DNS:
+ case GEN_URI:
+ /* GENERAL_NAME_print() doesn't handle NULL bytes in ASN1_string
+ correctly, CVE-2013-4238 */
+ t = PyTuple_New(2);
+ if (t == NULL)
+ goto fail;
+ switch (gntype) {
+ case GEN_EMAIL:
+ v = PyString_FromString("email");
+ as = name->d.rfc822Name;
+ break;
+ case GEN_DNS:
+ v = PyString_FromString("DNS");
+ as = name->d.dNSName;
+ break;
+ case GEN_URI:
+ v = PyString_FromString("URI");
+ as = name->d.uniformResourceIdentifier;
+ break;
+ }
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 0, v);
+ v = PyString_FromStringAndSize((char *)ASN1_STRING_data(as),
+ ASN1_STRING_length(as));
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 1, v);
+ break;
+ default:
/* for everything else, we use the OpenSSL print form */
-
+ switch (gntype) {
+ /* check for new general name type */
+ case GEN_OTHERNAME:
+ case GEN_X400:
+ case GEN_EDIPARTY:
+ case GEN_IPADD:
+ case GEN_RID:
+ break;
+ default:
+ if (PyErr_Warn(PyExc_RuntimeWarning,
+ "Unknown general name type") == -1) {
+ goto fail;
+ }
+ break;
+ }
(void) BIO_reset(biobuf);
GENERAL_NAME_print(biobuf, name);
len = BIO_gets(biobuf, buf, sizeof(buf)-1);
@@ -794,6 +851,7 @@ _get_peer_alt_names (X509 *certificate)
goto fail;
}
PyTuple_SET_ITEM(t, 1, v);
+ break;
}
/* and add that rendering to the list */