diff options
| author | Benjamin Peterson <benjamin@python.org> | 2008-09-18 01:22:16 (GMT) |
|---|---|---|
| committer | Benjamin Peterson <benjamin@python.org> | 2008-09-18 01:22:16 (GMT) |
| commit | 8c2b7dc46360f5610e25476c4dc0680ea3b06234 (patch) | |
| tree | 82a11fe0991ba2d04666e86d94f0a5066f2a3f90 /Modules/_hashopenssl.c | |
| parent | b8966ab7538c4a4739a78a93bdeee508ed663d53 (diff) | |
| download | cpython-8c2b7dc46360f5610e25476c4dc0680ea3b06234.zip cpython-8c2b7dc46360f5610e25476c4dc0680ea3b06234.tar.gz cpython-8c2b7dc46360f5610e25476c4dc0680ea3b06234.tar.bz2 | |
fix possible integer overflows in _hashopenssl #3886
Diffstat (limited to 'Modules/_hashopenssl.c')
| -rw-r--r-- | Modules/_hashopenssl.c | 51 |
1 files changed, 42 insertions, 9 deletions
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c index 8e5121f..497088d 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -19,6 +19,8 @@ /* EVP is the preferred interface to hashing in OpenSSL */ #include <openssl/evp.h> +#define MUNCH_SIZE INT_MAX + #ifndef HASH_OBJ_CONSTRUCTOR #define HASH_OBJ_CONSTRUCTOR 0 @@ -164,9 +166,18 @@ EVP_update(EVPobject *self, PyObject *args) if (!PyArg_ParseTuple(args, "s#:update", &cp, &len)) return NULL; + if (len > 0 && len <= MUNCH_SIZE) { EVP_DigestUpdate(&self->ctx, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int)); - + } else { + Py_ssize_t offset = 0; + while (len) { + unsigned int process = len > MUNCH_SIZE ? MUNCH_SIZE : len; + EVP_DigestUpdate(&self->ctx, cp + offset, process); + len -= process; + offset += process; + } + } Py_INCREF(Py_None); return Py_None; } @@ -255,10 +266,21 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) self->name = name_obj; Py_INCREF(self->name); - if (cp && len) + if (cp && len) { + if (len > 0 && len <= MUNCH_SIZE) { EVP_DigestUpdate(&self->ctx, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int)); - + } else { + Py_ssize_t offset = 0; + while (len) { + unsigned int process = len > MUNCH_SIZE ? MUNCH_SIZE : len; + EVP_DigestUpdate(&self->ctx, cp + offset, process); + len -= process; + offset += process; + } + } + } + return 0; } #endif @@ -327,7 +349,7 @@ static PyTypeObject EVPtype = { static PyObject * EVPnew(PyObject *name_obj, const EVP_MD *digest, const EVP_MD_CTX *initial_ctx, - const unsigned char *cp, unsigned int len) + const unsigned char *cp, Py_ssize_t len) { EVPobject *self; @@ -345,8 +367,20 @@ EVPnew(PyObject *name_obj, EVP_DigestInit(&self->ctx, digest); } - if (cp && len) - EVP_DigestUpdate(&self->ctx, cp, len); + if (cp && len) { + if (len > 0 && len <= MUNCH_SIZE) { + EVP_DigestUpdate(&self->ctx, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, + unsigned int)); + } else { + Py_ssize_t offset = 0; + while (len) { + unsigned int process = len > MUNCH_SIZE ? MUNCH_SIZE : len; + EVP_DigestUpdate(&self->ctx, cp + offset, process); + len -= process; + offset += process; + } + } + } return (PyObject *)self; } @@ -383,8 +417,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict) digest = EVP_get_digestbyname(name); - return EVPnew(name_obj, digest, NULL, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, - unsigned int)); + return EVPnew(name_obj, digest, NULL, cp, len); } /* @@ -409,7 +442,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict) CONST_ ## NAME ## _name_obj, \ NULL, \ CONST_new_ ## NAME ## _ctx_p, \ - cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int)); \ + cp, len); \ } /* a PyMethodDef structure for the constructor */ |