Christian Heimes <li...@cheimes.de> added the comment:
Riccardo, the issue is about parsing the user supplied hostname/ipaddress, not the IPAddress field of the certificate. X.509 certs store IP addresses as fixed-size binary data, 4 bytes for IPv4 or 16 bytes for IPv6. There can't be any additional payload. The bug is in the code that parses the user supplied "hostname" parameter to ssl.match_hostname(cert, hostname). The bug allows an attacker to pass an IPv4 address with additional content and ssl.match_hostname() ignores this additional content. This example should fail, but does not fail with an exception: >>> import ssl >>> cert = {'subjectAltName': [('IP Address', '127.0.0.1 additional payload')]} >>> ssl.match_hostname(cert, '127.0.0.1') ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue37463> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com