]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eae692e) | patch
[3.10] gh-98517: Fix buffer overflows in _sha3 module (#98519)
authorTheo Buehler <botovq@users.noreply.github.com>
Fri, 21 Oct 2022 19:26:01 +0000 (21:26 +0200)
committerGitHub <noreply@github.com>
Fri, 21 Oct 2022 19:26:01 +0000 (12:26 -0700)
commit0e4e058602d93b88256ff90bbef501ba20be9dd3
tree90ecca6c6ad8aa8a9fd50d338359a8e98d187fd4tree | snapshot
parenteae692eed18892309bcc25a2c0f8980038305ea2commit | diff
[3.10] gh-98517: Fix buffer overflows in _sha3 module (#98519)

This is a port of the applicable part of XKCP's fix [1] for
CVE-2022-37454 and avoids the segmentation fault and the infinite
loop in the test cases published in [2].

[1]: https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
[2]: https://mouha.be/sha-3-buffer-overflow/

Regression test added by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Lib/test/test_hashlib.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst [new file with mode: 0644] blob
Modules/_sha3/kcp/KeccakSponge.inc diff | blob | blame | history
Mirror of https://github.com/python/cpython.git