backport fix for CVE-2019-5010, cpython issue 35746

author: Matti Picus <matti.picus@gmail.com> 2020-10-06 11:06:01 +0300
committer: Matti Picus <matti.picus@gmail.com> 2020-10-06 11:06:01 +0300
commit: c843c21f97a9a5b42627812bb2519e92ba2a82f7 (patch)
tree: 8df536b7f162ab4931743097305ff6aac610571f
parent: Fix bpo-25862 (diff)
download: pypy-c843c21f97a9a5b42627812bb2519e92ba2a82f7.tar.gz
pypy-c843c21f97a9a5b42627812bb2519e92ba2a82f7.tar.bz2
pypy-c843c21f97a9a5b42627812bb2519e92ba2a82f7.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/lib_pypy/_cffi_ssl/_stdssl/certificate.py b/lib_pypy/_cffi_ssl/_stdssl/certificate.py
index 6b49e88b14..fe660bde81 100644
--- a/lib_pypy/_cffi_ssl/_stdssl/certificate.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/certificate.py
@@ -265,6 +265,9 @@ def _get_crl_dp(certificate):
     count = lib.sk_DIST_POINT_num(dps)
     for i in range(count):
         dp = lib.sk_DIST_POINT_value(dps, i);
+        if not dp.distpoint:
+            # Ignore empty DP value, CVE-2019-5010
+            continue
         gns = dp.distpoint.name.fullname;
 
         jcount = lib.sk_GENERAL_NAME_num(gns)
author	Matti Picus <matti.picus@gmail.com>	2020-10-06 11:06:01 +0300
committer	Matti Picus <matti.picus@gmail.com>	2020-10-06 11:06:01 +0300
commit	c843c21f97a9a5b42627812bb2519e92ba2a82f7 (patch)
tree	8df536b7f162ab4931743097305ff6aac610571f
parent	Fix bpo-25862 (diff)
download	pypy-c843c21f97a9a5b42627812bb2519e92ba2a82f7.tar.gz pypy-c843c21f97a9a5b42627812bb2519e92ba2a82f7.tar.bz2 pypy-c843c21f97a9a5b42627812bb2519e92ba2a82f7.zip