Inadequate input validation and a reference leak in crypto.{load, dump}_privatekey
Bug #499628 reported by Ziga Seilnacht
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
pyOpenSSL | Fix Committed | Undecided | Unassigned | |
Bug Description
crypto.load_
- they don't raise an error if a passphrase is specified with a serialization format that doesn't support encryption
- they truncate long passphrases supplied via callback
- they either overwrite the error raised by the passphrase (load_privatekey) callback or forget to clean up OpenSSL's error stack in that case (dump_privatekey)
- they forget to decref the passphrase returned by the callback
- they are missing a few NULL checks
I'll submit a branch with the fixes.
Related branches
lp:~zseil/pyopenssl/privatekey-callback-fixes
Ready for review for merging into lp:~exarkun/pyopenssl/trunk
- Jean-Paul Calderone: Pending requested
Diff: 385 lines (+197/-66), 2 files modified
- src/crypto/crypto.c (+91/-66)
- test/test_crypto.py (+106/-0)
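The truncation and NULL-check items in the list above, as an added example that is neither pyOpenSSL's code nor the code in the linked branch: a callback with the shape of OpenSSL's `pem_password_cb` that fails on an over-long passphrase instead of cutting it to the buffer size, next to a truncating form for contrast. `struct passphrase` and both function names are hypothetical, and rejecting (rather than some other handling) is an assumption about the desired behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical holder for the passphrase an application callback returned;
 * the bytes are not required to be NUL-terminated. */
struct passphrase {
    const char *data;
    size_t      len;
};

/* Same shape as OpenSSL's pem_password_cb:
 *   int cb(char *buf, int size, int rwflag, void *userdata)
 * Returns the number of bytes written to buf, or -1 on error. */
int strict_passphrase_cb(char *buf, int size, int rwflag, void *userdata)
{
    const struct passphrase *pw = userdata;
    (void)rwflag;                       /* same rule for read and write */

    /* NULL and range checks before anything is dereferenced. */
    if (buf == NULL || size <= 0 || pw == NULL || pw->data == NULL)
        return -1;
    /* A passphrase that does not fit is an error, not something to cut:
     * a truncated passphrase derives a different key than the caller meant. */
    if (pw->len > (size_t)size)
        return -1;

    memcpy(buf, pw->data, pw->len);
    return (int)pw->len;
}

/* Truncating form, kept only to show the behaviour the bug describes. */
int truncating_passphrase_cb(char *buf, int size, int rwflag, void *userdata)
{
    const struct passphrase *pw = userdata;
    size_t n = pw->len > (size_t)size ? (size_t)size : pw->len;
    (void)rwflag;
    memcpy(buf, pw->data, n);           /* silently drops the tail */
    return (int)n;
}

int main(void)
{
    char buf[8];                        /* constructed, deliberately small */
    struct passphrase long_pw = { "0123456789abcdef", 16 };

    printf("truncating: %d\n", truncating_passphrase_cb(buf, (int)sizeof buf, 0, &long_pw));
    printf("strict:     %d\n", strict_passphrase_cb(buf, (int)sizeof buf, 0, &long_pw));
    return 0;
}
```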
Thanks. Fixed in r161.