Skip to content
Snippets Groups Projects
Select Git revision
  • 3.10
  • 3.11
  • main default protected
  • revert-15688-bpo-38031-_io-FileIO-opener-crash
  • 3.8
  • 3.9
  • 3.7
  • enum-fix_auto
  • branch-v3.11.0
  • backport-c3648f4-3.11
  • gh-93963/remove-importlib-resources-abcs
  • refactor-wait_for
  • shared-testcase
  • v3.12.0a2
  • v3.12.0a1
  • v3.11.0
  • v3.8.15
  • v3.9.15
  • v3.10.8
  • v3.7.15
  • v3.11.0rc2
  • v3.8.14
  • v3.9.14
  • v3.7.14
  • v3.10.7
  • v3.11.0rc1
  • v3.10.6
  • v3.11.0b5
  • v3.11.0b4
  • v3.10.5
  • v3.11.0b3
  • v3.11.0b2
  • v3.9.13
33 results
Compare
user avatar
[3.9] gh-97612: Fix shell injection in get-remote-certificate.py (GH-97613) (GH-97632)
Miss Islington (bot) authored 
gh-97612: Fix shell injection in get-remote-certificate.py (GH-97613)

Fix a shell code injection vulnerability in the
get-remote-certificate.py example script. The script no longer uses a
shell to run "openssl" commands. Issue reported and initial fix by
Caleb Shortt.

Remove the Windows code path to send "quit" on stdin to the "openssl
s_client" command: use DEVNULL on all platforms instead.

Co-authored-by: default avatarCaleb Shortt <caleb@rgauge.com>
(cherry picked from commit 83a0f44f)

Co-authored-by: default avatarVictor Stinner <vstinner@python.org>
d6ef6805
History
user avatar d6ef6805
History
Name Last commit Last update