[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names
Antoine Pitrou
report at bugs.python.org
Thu May 16 20:34:26 CEST 2013
Antoine Pitrou added the comment:
Here is a patch allowing at most 2 wildcards per domain fragment. Georg, do you think this should go into 3.2?
----------
keywords: +patch
nosy: +georg.brandl
Added file: http://bugs.python.org/file30288/ssl_wildcard_dos.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17980>
_______________________________________
More information about the Python-bugs-list
mailing list