mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-27 02:39:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

bpo-40645: restrict HMAC key len to INT_MAX (GH-20238)

Browse source 
Signed-off-by: Christian Heimes <christian@python.org>

Automerge-Triggered-By: @tiran
(cherry picked from commit aca4670ad6)

Co-authored-by: Christian Heimes <christian@python.org>
This commit is contained in:
Miss Islington (bot) 2020-05-19 15:52:54 -07:00 committed by GitHub
parent 059279d870
commit 6ed37430d3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Modules/_hashopenssl.c
View file

@ -1403,6 +1403,12 @@ _hashlib_hmac_new_impl(PyObject *module, Py_buffer *key, PyObject *msg_obj,
HMACobject *self = NULL; HMACobject *self = NULL;
int r; int r;
if (key->len > INT_MAX) {
PyErr_SetString(PyExc_OverflowError,
"key is too long.");
return NULL;
}
if ((digestmod == NULL) || !strlen(digestmod)) { if ((digestmod == NULL) || !strlen(digestmod)) {
PyErr_SetString( PyErr_SetString(
PyExc_TypeError, "Missing required parameter 'digestmod'."); PyExc_TypeError, "Missing required parameter 'digestmod'.");
@ -1424,7 +1430,7 @@ _hashlib_hmac_new_impl(PyObject *module, Py_buffer *key, PyObject *msg_obj,
r = HMAC_Init_ex( r = HMAC_Init_ex(
ctx, ctx,
(const char*)key->buf, (const char*)key->buf,
key->len, (int)key->len,
digest, digest,
NULL /*impl*/); NULL /*impl*/);
if (r == 0) { if (r == 0) {