Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override #79

Open
sniffler-app bot opened this issue Feb 21, 2024 · 0 comments
Open

cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override #79

sniffler-app bot opened this issue Feb 21, 2024 · 0 comments
Assignees
@ls-miles-rostami @ls-alexander-muehlbauer
Labels
dependabot high security

Comments

@sniffler-app
Copy link

sniffler-app bot commented Feb 21, 2024

Description

If pkcs12.serialize_key_and_certificates is called with both:

  1. A certificate whose public key did not match the provided private key
  2. An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)

Then a NULL pointer dereference would occur, crashing the Python process.

This has been resolved, and now a ValueError is properly raised.

Patched in pyca/cryptography#10423

Informations

Manifest Path: poetry.lock

Please look at dependabot report: https://github.com/lightspeed-hospitality/pre-commit-hooks/security/dependabot/19
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@ls-miles-rostami ls-miles-rostami

@ls-alexander-muehlbauer ls-alexander-muehlbauer

Labels
dependabot high security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ls-miles-rostami @ls-alexander-muehlbauer