author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2022-10-28 10:08:06 (GMT)
committer GitHub <noreply@github.com> 2022-10-28 10:08:06 (GMT)
commit 857efee6d2d43c5c12fc7e377ce437144c728ab8 (patch)
tree 5b27c71e5875810aa26922e100738f9a02a6951d /Misc
parent 71a075aaee97f8950ecf6de4a10562e66afec17b (diff)
[3.9] gh-98517: Fix buffer overflows in _sha3 module (GH-98519) (#98526)
This is a port of the applicable part of XKCP's fix [1] for CVE-2022-37454 and avoids the segmentation fault and the infinite loop in the test cases published in [2].

[1]: https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
[2]: https://mouha.be/sha-3-buffer-overflow/

Regression test added by: Gregory P. Smith [Google LLC] <greg@krypto.org>

(cherry picked from commit 0e4e058602d93b88256ff90bbef501ba20be9dd3)

Co-authored-by: Theo Buehler <botovq@users.noreply.github.com>
Diffstat (limited to 'Misc')
-rw-r--r-- Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst 1
1 files changed, 1 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
new file mode 100644
index 0000000..2d23a6a
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
@@ -0,0 +1 @@
+Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454).
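Review bot: The single added line of this NEWS entry names the CVE but not the affected component or the user-visible symptom, so someone reading the security changelog cannot tell whether their code is exposed. The commit subject places the overflow in the _sha3 module and the commit message mentions a segmentation fault and an infinite loop; consider wording such as "Port XKCP's fix for the buffer overflows in the _sha3 module (CVE-2022-37454), which could cause a segmentation fault or an infinite loop." This view is limited to Misc, so the C change and the regression test mentioned in the commit message need to be reviewed in the full diff.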