bpo-34922: Fix integer overflow in the digest() and hexdigest() methods (GH-9751)
authorSerhiy Storchaka <storchaka@gmail.com>
Thu, 11 Oct 2018 04:41:00 +0000 (07:41 +0300)
committerGitHub <noreply@github.com>
Thu, 11 Oct 2018 04:41:00 +0000 (07:41 +0300)
for the SHAKE algorithm in the hashlib module.

Lib/test/test_hashlib.py
Misc/NEWS.d/next/Library/2018-10-07-21-18-52.bpo-34922.37IdsA.rst [new file with mode: 0644]
Modules/_sha3/sha3module.c

index c8a873f1e01f01e808977fb965b1c1f27ece6fa6..f83f73a0cc45319d5e83b66255ca8268f166dd03 100644 (file)
@@ -230,6 +230,19 @@ class HashLibTestCase(unittest.TestCase):
                 self.assertIsInstance(h.digest(), bytes)
                 self.assertEqual(hexstr(h.digest()), h.hexdigest())
 
+    def test_digest_length_overflow(self):
+        # See issue #34922
+        large_sizes = (2**29, 2**32-10, 2**32+10, 2**61, 2**64-10, 2**64+10)
+        for cons in self.hash_constructors:
+            h = cons()
+            if h.name not in self.shakes:
+                continue
+            for digest in h.digest, h.hexdigest:
+                self.assertRaises(ValueError, digest, -10)
+                for length in large_sizes:
+                    with self.assertRaises((ValueError, OverflowError)):
+                        digest(length)
+
     def test_name_attribute(self):
         for cons in self.hash_constructors:
             h = cons()
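Review bot: The nested loops in `test_digest_length_overflow` run without `subTest`, so a failure does not say which SHAKE constructor, method or length triggered it. Wrapping the inner assertion in `with self.subTest(name=h.name, method=digest.__name__, length=length):` would make a regression tied to one platform's integer width easy to pinpoint. The test also accepts either `ValueError` or `OverflowError` without saying why. A one-line comment such as `# oversized lengths may be rejected at argument conversion or by the explicit bound` would record that, assuming that is the reason. Only rejection is checked here, so if no other test covers it, a small positive case like `self.assertEqual(len(h.digest(16)), 16)` would confirm the new bound does not reject valid lengths.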
diff --git a/Misc/NEWS.d/next/Library/2018-10-07-21-18-52.bpo-34922.37IdsA.rst b/Misc/NEWS.d/next/Library/2018-10-07-21-18-52.bpo-34922.37IdsA.rst
new file mode 100644 (file)
index 0000000..6463886
--- /dev/null
@@ -0,0 +1,3 @@
+Fixed integer overflow in the :meth:`~hashlib.shake.digest()` and
+:meth:`~hashlib.shake.hexdigest()` methods for the SHAKE algorithm
+in the :mod:`hashlib` module.
index 46c1ff1538524df886c7128a66d70edca9198be6..b737363d717247538a09b86bec18b1ac02342af2 100644 (file)
@@ -589,6 +589,10 @@ _SHAKE_digest(SHA3object *self, unsigned long digestlen, int hex)
     int res;
     PyObject *result = NULL;
 
+    if (digestlen >= (1 << 29)) {
+        PyErr_SetString(PyExc_ValueError, "length is too large");
+        return NULL;
+    }
     /* ExtractLane needs at least SHA3_MAX_DIGESTSIZE + SHA3_LANESIZE and
      * SHA3_LANESIZE extra space.
      */
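Review bot: The bound `1 << 29` in the new check is a bare magic number, and nothing in the hunk says why that value is the limit. 2**29 bytes is 2**32 bits, which suggests the guard protects a later bytes-to-bits conversion rather than the allocation, but that use is outside the hunk and should be confirmed. I would name the limit and document it, for example a proposed `#define SHAKE_MAX_DIGESTLEN (1UL << 29)` with a comment stating which later computation it keeps from overflowing, then test `digestlen >= SHAKE_MAX_DIGESTLEN`; the `UL` suffix also keeps the comparison in `unsigned long`. The message "length is too large" could state the maximum so callers know what is accepted. `_SHAKE_digest` starts before and continues after this hunk.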