diff options
Diffstat (limited to 'dev/python/pycrypto/pycrypto-2.0.1.diff')
| -rw-r--r-- | dev/python/pycrypto/pycrypto-2.0.1.diff | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/dev/python/pycrypto/pycrypto-2.0.1.diff b/dev/python/pycrypto/pycrypto-2.0.1.diff new file mode 100644 index 0000000..77f8576 --- /dev/null +++ b/dev/python/pycrypto/pycrypto-2.0.1.diff @@ -0,0 +1,36 @@ +From: Dwayne C. Litzenberger <dlitz@dlitz.net> +Date: Fri, 6 Feb 2009 13:09:37 +0000 (-0500) +Subject: ARC2: Fix buffer overflow +X-Git-Url: http://gitweb2.dlitz.net/?p=crypto%2Fpycrypto-2.x.git;a=commitdiff_plain;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b + +ARC2: Fix buffer overflow + +Thanks to Mike Wiacek <mjwiacek@google.com> from the Google Security Team for +reporting this bug. +--- + +diff --git a/src/ARC2.c b/src/ARC2.c +index eb61713..35d9151 100644 +--- a/src/ARC2.c ++++ b/src/ARC2.c +@@ -11,6 +11,7 @@ + */ + + #include <string.h> ++#include "Python.h" + + #define MODULE_NAME ARC2 + #define BLOCK_SIZE 8 +@@ -144,6 +145,12 @@ block_init(block_state *self, U8 *key, int keylength) + 197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173 + }; + ++ if ((U32)keylength > sizeof(self->xkey)) { ++ PyErr_SetString(PyExc_ValueError, ++ "ARC2 key length must be less than 128 bytes"); ++ return; ++ } ++ + memcpy(self->xkey, key, keylength); + + /* Phase 1: Expand input key to 128 bytes */ |