diff options
| author | Benjamin Peterson <benjamin@python.org> | 2008-09-18 01:27:26 (GMT) |
|---|---|---|
| committer | Benjamin Peterson <benjamin@python.org> | 2008-09-18 01:27:26 (GMT) |
| commit | c610afbca4fdd3e70b804f92b798ffdbc3fcf1bb (patch) | |
| tree | 6b335c4cfb241cf1fb9d245aec4591c1375ae7cb /Modules | |
| parent | 308334d6a483b3f2cd0a02837f9af2b141d46c30 (diff) | |
| download | cpython-c610afbca4fdd3e70b804f92b798ffdbc3fcf1bb.zip cpython-c610afbca4fdd3e70b804f92b798ffdbc3fcf1bb.tar.gz cpython-c610afbca4fdd3e70b804f92b798ffdbc3fcf1bb.tar.bz2 | |
backport r66496: integer overflow in _hashopenssl #3886
Diffstat (limited to 'Modules')
| -rw-r--r-- | Modules/_hashopenssl.c | 51 |
1 files changed, 42 insertions, 9 deletions
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c index 859644f..f928c3c 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -19,6 +19,8 @@ /* EVP is the preferred interface to hashing in OpenSSL */ #include <openssl/evp.h> +#define MUNCH_SIZE INT_MAX + #ifndef HASH_OBJ_CONSTRUCTOR #define HASH_OBJ_CONSTRUCTOR 0 @@ -164,9 +166,18 @@ EVP_update(EVPobject *self, PyObject *args) if (!PyArg_ParseTuple(args, "s#:update", &cp, &len)) return NULL; + if (len > 0 && len <= MUNCH_SIZE) { EVP_DigestUpdate(&self->ctx, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int)); - + } else { + Py_ssize_t offset = 0; + while (len) { + unsigned int process = len > MUNCH_SIZE ? MUNCH_SIZE : len; + EVP_DigestUpdate(&self->ctx, cp + offset, process); + len -= process; + offset += process; + } + } Py_INCREF(Py_None); return Py_None; } @@ -255,10 +266,21 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) self->name = name_obj; Py_INCREF(self->name); - if (cp && len) + if (cp && len) { + if (len > 0 && len <= MUNCH_SIZE) { EVP_DigestUpdate(&self->ctx, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int)); - + } else { + Py_ssize_t offset = 0; + while (len) { + unsigned int process = len > MUNCH_SIZE ? MUNCH_SIZE : len; + EVP_DigestUpdate(&self->ctx, cp + offset, process); + len -= process; + offset += process; + } + } + } + return 0; } #endif @@ -328,7 +350,7 @@ static PyTypeObject EVPtype = { static PyObject * EVPnew(PyObject *name_obj, const EVP_MD *digest, const EVP_MD_CTX *initial_ctx, - const unsigned char *cp, unsigned int len) + const unsigned char *cp, Py_ssize_t len) { EVPobject *self; @@ -346,8 +368,20 @@ EVPnew(PyObject *name_obj, EVP_DigestInit(&self->ctx, digest); } - if (cp && len) - EVP_DigestUpdate(&self->ctx, cp, len); + if (cp && len) { + if (len > 0 && len <= MUNCH_SIZE) { + EVP_DigestUpdate(&self->ctx, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, + unsigned int)); + } else { + Py_ssize_t offset = 0; + while (len) { + unsigned int process = len > MUNCH_SIZE ? MUNCH_SIZE : len; + EVP_DigestUpdate(&self->ctx, cp + offset, process); + len -= process; + offset += process; + } + } + } return (PyObject *)self; } @@ -384,8 +418,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict) digest = EVP_get_digestbyname(name); - return EVPnew(name_obj, digest, NULL, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, - unsigned int)); + return EVPnew(name_obj, digest, NULL, cp, len); } /* @@ -410,7 +443,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict) CONST_ ## NAME ## _name_obj, \ NULL, \ CONST_new_ ## NAME ## _ctx_p, \ - cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int)); \ + cp, len); \ } /* a PyMethodDef structure for the constructor */ |