[issue30502] Fix buffer handling of OBJ_obj2txt
Christian Heimes
report at bugs.python.org
Mon May 29 03:19:13 EDT 2017
New submission from Christian Heimes:
Frawser Tweedle from Red Hat's identity management team found an issue in PyCA cryptography's handling of buffers for OpenSSL OBJ_obj2txt(). Cryptography fails to handle long OIDs as used by Active Directory.
https://github.com/pyca/cryptography/pull/3612/
https://bugzilla.redhat.com/show_bug.cgi?id=1455755
CPython's ssl module doesn't handle buffer allocation for OBJ_obj2txt() correctly, too. A default buffer size of 255+1 makes the bug less likely to occur, though. We should fix the problem anyway.
----------
assignee: christian.heimes
components: SSL
messages: 294679
nosy: christian.heimes
priority: critical
severity: normal
status: open
title: Fix buffer handling of OBJ_obj2txt
type: behavior
versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue30502>
_______________________________________
More information about the Python-bugs-list
mailing list