From: Serhiy Storchaka Date: Sun, 19 May 2013 08:41:15 +0000 (+0300) Subject: Issue #17812: Fixed quadratic complexity of base64.b32encode(). X-Git-Tag: v3.4.0a1~688^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2c3f2f19df0939744774370369b55e3ca214040c;p=thirdparty%2FPython%2Fcpython.git Issue #17812: Fixed quadratic complexity of base64.b32encode(). --- diff --git a/Lib/base64.py b/Lib/base64.py index 4042f004fd9d..6bcdff63d4a5 100755 --- a/Lib/base64.py +++ b/Lib/base64.py @@ -166,7 +166,7 @@ def b32encode(s): if leftover: s = s + bytes(5 - leftover) # Don't use += ! quanta += 1 - encoded = bytes() + encoded = bytearray() for i in range(quanta): # c1 and c2 are 16 bits wide, c3 is 8 bits wide. The intent of this # code is to process the 40 bits in units of 5 bits. So we take the 1 @@ -187,14 +187,14 @@ def b32encode(s): ]) # Adjust for any leftover partial quanta if leftover == 1: - return encoded[:-6] + b'======' + encoded[-6:] = b'======' elif leftover == 2: - return encoded[:-4] + b'====' + encoded[-4:] = b'====' elif leftover == 3: - return encoded[:-3] + b'===' + encoded[-3:] = b'===' elif leftover == 4: - return encoded[:-1] + b'=' - return encoded + encoded[-1:] = b'=' + return bytes(encoded) def b32decode(s, casefold=False, map01=None): diff --git a/Misc/NEWS b/Misc/NEWS index 1a516b773960..a7435f663ab1 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -24,6 +24,8 @@ Core and Builtins Library ------- +- Issue #17812: Fixed quadratic complexity of base64.b32encode(). + - Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).