[New-bugs-announce] [issue18709] SSL module fails to handle NULL bytes inside subjectAltNames general names (CVE-2013-4073)

Christian Heimes report at bugs.python.org
Mon Aug 12 13:32:52 CEST 2013

New submission from Christian Heimes:

Ryan Sleevi of the Google Chrome Security Team has informed us that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. It's related to Ruby's CVE-2013-4073 http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/

Although Python uses a slightly different OpenSSL API to parse a X.509 certificate and turn its fields into a dictionary, our implementation eventually uses an OpenSSL function that fails to handle NULL bytes. This could lead to a breach when an application uses ssl.match_hostname() to match the hostname againt the certificate's subjectAltName's dNSName general names.

When the Ruby issues was announced publicly I already suspected that our code may suffer from the same issue. But I was unable to generate a X.509 certificate with a NULL byte in its X509v3 subjectAltName extension, only in subject and issuer. OpenSSL's config file format just didn't support NULL bytes. But Our code handled the NULL byte in subject in issuer just fine so I gave up. In the light of the bug report I went a different path and eventually I came up with a malicious certificate that showed the reported bug.

components: Extension Modules
messages: 194944
nosy: christian.heimes
priority: critical
severity: normal
stage: patch review
status: open
title: SSL module fails to handle NULL bytes inside subjectAltNames general names (CVE-2013-4073)
type: security
versions: Python 2.6, Python 2.7, Python 3.2, Python 3.3, Python 3.4

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list