~bzr-pqm/bzr/bzr.dev


Viewing changes to bzrlib/tests/test_https_urllib.py

  • Committer: Patch Queue Manager
  • Date: 2013-05-20 17:46:29 UTC
  • mfrom: (6573.1.1 bzr)
  • Revision ID: pqm@pqm.ubuntu.com-20130520174629-dp7zujtuclvomuzd
(jameinel) Fix CVE 2013-2009. Avoid allowing multiple wildcards in a single
 SSL cert hostname segment. (Andrew Starr-Bochicchio)

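--- a/bzrlib/tests/test_https_urllib.py
+++ b/bzrlib/tests/test_https_urllib.py
@@ -88,6 +88,22 @@
         self.assertRaises(ValueError,
                           _urllib2_wrappers.match_hostname, {}, "example.com")
 
+    def test_wildcards_in_cert(self):
+        def ok(cert, hostname):
+            _urllib2_wrappers.match_hostname(cert, hostname)
+
+        # Python Issue #17980: avoid denials of service by refusing more than
+        # one wildcard per fragment.
+        cert = {'subject': ((('commonName', 'a*b.com'),),)}
+        ok(cert, 'axxb.com')
+        cert = {'subject': ((('commonName', 'a*b.co*'),),)}
+        ok(cert, 'axxb.com')
+        cert = {'subject': ((('commonName', 'a*b*.com'),),)}
+        try:
+            _urllib2_wrappers.match_hostname(cert, 'axxbxxc.com')
+        except ValueError as e:
+            self.assertIn("too many wildcards", str(e))
+
     def test_no_valid_attributes(self):
         self.assertRaises(CertificateError, _urllib2_wrappers.match_hostname,
                           {"Problem": "Solved"}, "example.com")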
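Review bot: The final case in test_wildcards_in_cert (new lines 102-105) passes silently when match_hostname raises nothing, because the try/except has no failure branch. This is the only assertion covering the multiple-wildcard rejection, and a pattern like 'a*b*.com' would presumably match 'axxbxxc.com' if the limit were removed, so a regression of the fix would not turn this test red. Add a failure branch after the except clause, `else: self.fail("ValueError not raised for multiple wildcards")`, or express the case with `self.assertRaises(ValueError, ...)` as the neighbouring tests do. The enclosing test class starts outside the hunk.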