Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gh-100372: Use BIO_eof to detect EOF for SSL_FILETYPE_ASN1 #100373

Merged
merged 2 commits into from
Mar 24, 2023
Merged

gh-100372: Use BIO_eof to detect EOF for SSL_FILETYPE_ASN1 #100373

merged 2 commits into from
Mar 24, 2023

Conversation

davidben
Copy link
Contributor

@davidben davidben commented Dec 20, 2022
edited by miss-islington
Loading

In PEM, we need to parse until error and then suppress PEM_R_NO_START_LINE, because PEM allows arbitrary leading and trailing data. DER, however, does not. Parsing until error and suppressing ASN1_R_HEADER_TOO_LONG doesn't quite work because that error also covers some cases that should be rejected.

Instead, check BIO_eof early and stop the loop that way.

Automerge-Triggered-By: GH:Yhg1s

@davidben
pythongh-100372: Use BIO_eof to detect EOF for SSL_FILETYPE_ASN1
863a0a7 
In PEM, we need to parse until error and then suppress
PEM_R_NO_START_LINE, because PEM allows arbitrary leading and trailing
data. DER, however, does not. Parsing until error and suppressing
ASN1_R_HEADER_TOO_LONG doesn't quite work because that error also
covers some cases that should be rejected.

Instead, check BIO_eof early and stop the loop that way.
@bedevere-bot bedevere-bot mentioned this pull request Dec 20, 2022
Closed
@davidben
Copy link
Contributor Author

@tiran This PR look reasonable? Anything missing on my end?

@Yhg1s Yhg1s self-requested a review March 24, 2023 12:36
@Yhg1s
Copy link
Member

Yhg1s commented Mar 24, 2023

I don't think this is a security issue, or at least not serious enough to backport to security-only releases. Do you disagree, @davidben, or is there a security angle I'm missing?

I'm not sure if this should be backported to 3.11/3.10 either. It's a bug, but it doesn't feel important enough to backport and risk breaking users who rely on the old broken behaviour.

@miss-islington
Copy link
Contributor

Status check is done, and it's a success ✅.

@miss-islington miss-islington merged commit acfe02f into python:main Mar 24, 2023
@davidben
Copy link
Contributor Author

Do you disagree, @davidben, or is there a security angle I'm missing?

Nah, can't think of any security angle. Just generally improving behavior and reducing dependency on OpenSSL error codes. (Conditioning on OpenSSL error codes can be a bit messy. Sometimes you have to, like the PEM case here, but other times the error codes don't correspond enough to clear, stable conditions to condition on. :-( )

Fidget-Spinner pushed a commit to Fidget-Spinner/cpython that referenced this pull request Mar 27, 2023
@davidben @Fidget-Spinner
pythongh-100372: Use BIO_eof to detect EOF for SSL_FILETYPE_ASN1 (pyt…
387cc11 
…honGH-100373)

In PEM, we need to parse until error and then suppress `PEM_R_NO_START_LINE`, because PEM allows arbitrary leading and trailing data. DER, however, does not. Parsing until error and suppressing `ASN1_R_HEADER_TOO_LONG` doesn't quite work because that error also covers some cases that should be rejected.

Instead, check `BIO_eof` early and stop the loop that way.

Automerge-Triggered-By: GH:Yhg1s
warsaw pushed a commit to warsaw/cpython that referenced this pull request Apr 11, 2023
@davidben @warsaw
pythongh-100372: Use BIO_eof to detect EOF for SSL_FILETYPE_ASN1 (pyt…
ef6ca4e 
…honGH-100373)

In PEM, we need to parse until error and then suppress `PEM_R_NO_START_LINE`, because PEM allows arbitrary leading and trailing data. DER, however, does not. Parsing until error and suppressing `ASN1_R_HEADER_TOO_LONG` doesn't quite work because that error also covers some cases that should be rejected.

Instead, check `BIO_eof` early and stop the loop that way.

Automerge-Triggered-By: GH:Yhg1s
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Yhg1s Yhg1s Yhg1s approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@davidben @Yhg1s @miss-islington @bedevere-bot