summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>2020-05-19 22:52:54 (GMT)
committerGitHub <noreply@github.com>2020-05-19 22:52:54 (GMT)
commit6ed37430d31e915103ab5decd14d757eb2d159d5 (patch)
tree900f6043e014fe91ae31c50dcd01d0f598d4c019
parent059279d8706074489144f6ba8ccc8723e0b85007 (diff)
downloadcpython-6ed37430d31e915103ab5decd14d757eb2d159d5.zip
cpython-6ed37430d31e915103ab5decd14d757eb2d159d5.tar.gz
cpython-6ed37430d31e915103ab5decd14d757eb2d159d5.tar.bz2
bpo-40645: restrict HMAC key len to INT_MAX (GH-20238)
Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: @tiran (cherry picked from commit aca4670ad695d4b01c7880fe3d0af817421945bd) Co-authored-by: Christian Heimes <christian@python.org>
-rw-r--r--Modules/_hashopenssl.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index 36ad6a6..674bddc 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -1403,6 +1403,12 @@ _hashlib_hmac_new_impl(PyObject *module, Py_buffer *key, PyObject *msg_obj,
HMACobject *self = NULL;
int r;
+ if (key->len > INT_MAX) {
+ PyErr_SetString(PyExc_OverflowError,
+ "key is too long.");
+ return NULL;
+ }
+
if ((digestmod == NULL) || !strlen(digestmod)) {
PyErr_SetString(
PyExc_TypeError, "Missing required parameter 'digestmod'.");
@@ -1424,7 +1430,7 @@ _hashlib_hmac_new_impl(PyObject *module, Py_buffer *key, PyObject *msg_obj,
r = HMAC_Init_ex(
ctx,
(const char*)key->buf,
- key->len,
+ (int)key->len,
digest,
NULL /*impl*/);
if (r == 0) {