Google Git
Sign in
android / platform / external / python / cpython3 / 83a0f44ffd8b398673ae56c310cf5768d359c341
commit83a0f44ffd8b398673ae56c310cf5768d359c341[log] [tgz]
authorVictor Stinner <vstinner@python.org>Thu Sep 29 01:17:27 2022 +0200
committerGitHub <noreply@github.com>Thu Sep 29 01:17:27 2022 +0200
tree957adec00fc1c4da195392455dc9536d146996f2
parenta5f092f3c469b674b8d9ccbd4e4377230c9ac7cf [diff]
gh-97612: Fix shell injection in get-remote-certificate.py (#97613)

Fix a shell code injection vulnerability in the
get-remote-certificate.py example script. The script no longer uses a
shell to run "openssl" commands. Issue reported and initial fix by
Caleb Shortt.

Remove the Windows code path to send "quit" on stdin to the "openssl
s_client" command: use DEVNULL on all platforms instead.

Co-authored-by: Caleb Shortt <caleb@rgauge.com>
2 files changed
tree: 957adec00fc1c4da195392455dc9536d146996f2
  1. .azure-pipelines/
  2. .github/
  3. Doc/
  4. Grammar/
  5. Include/
  6. Lib/
  7. Mac/
  8. Misc/
  9. Modules/
  10. Objects/
  11. Parser/
  12. PC/
  13. PCbuild/
  14. Programs/
  15. Python/
  16. Tools/
  17. .editorconfig
  18. .gitattributes
  19. .gitignore
  20. aclocal.m4
  21. config.guess
  22. config.sub
  23. configure
  24. configure.ac
  25. install-sh
  26. LICENSE
  27. Makefile.pre.in
  28. pyconfig.h.in
  29. README.rst