[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names
Antoine Pitrou
report at bugs.python.org
Thu May 16 14:43:57 CEST 2013
Antoine Pitrou added the comment:
> In my tests, I used a host name like
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.org, and a dNSName
> like a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*.example.org.
> Quadratic behavior wouldn't be too bad because the host name is
> necessarily rather short (more than 255 characters will not pass
> through DNS).
Hmm, but the host name doesn't necessarily come from DNS, does it?
----------
title: CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names -> CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17980>
_______________________________________
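An added example, not part of the original message and not CPython's own code: a dNSName matcher that does not rely on the host name being short, since, as the reply notes, it may not come from DNS. The function names, the exception class, the one-wildcard cap and the rule that `*` stands for at least one character are assumptions of this sketch.

```python
MAX_HOSTNAME_LEN = 255  # the DNS limit cited in the thread, enforced explicitly here
MAX_WILDCARDS = 1       # assumption: policy cap chosen for this example


class PatternRejected(ValueError):
    """The dNSName pattern or the host name exceeds this example's limits."""


def label_matches(pattern, label):
    """Match one DNS label against a pattern that holds at most one '*'."""
    if "*" not in pattern:
        return pattern == label
    prefix, suffix = pattern.split("*", 1)
    # '*' must cover at least one character (assumption of this sketch).
    return (len(label) > len(prefix) + len(suffix)
            and label.startswith(prefix)
            and label.endswith(suffix))


def dnsname_matches(dnsname, hostname):
    """Return True if hostname matches the certificate dNSName pattern.

    Both inputs are bounded before any matching is attempted, so the cost
    is linear in their length regardless of where the host name came from.
    """
    if len(hostname) > MAX_HOSTNAME_LEN:
        raise PatternRejected("host name longer than %d characters" % MAX_HOSTNAME_LEN)
    if dnsname.count("*") > MAX_WILDCARDS:
        raise PatternRejected("too many wildcards in dNSName: %r" % dnsname)
    p_labels = dnsname.lower().split(".")
    h_labels = hostname.lower().split(".")
    if any("*" in label for label in p_labels[1:]):
        raise PatternRejected("wildcard outside the leftmost label: %r" % dnsname)
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans a '.'
    return label_matches(p_labels[0], h_labels[0]) and p_labels[1:] == h_labels[1:]


if __name__ == "__main__":
    # Constructed inputs with the same shape as the names quoted in the thread.
    crafted = "a*" * 25 + ".example.org"
    host = "a" * 40 + ".example.org"
    print(dnsname_matches("*.example.org", "www.example.org"))  # ordinary wildcard
    try:
        dnsname_matches(crafted, host)
    except PatternRejected as exc:
        print("rejected:", exc)
```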