1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
From: Dwayne C. Litzenberger <dlitz@dlitz.net>
Date: Fri, 6 Feb 2009 13:09:37 +0000 (-0500)
Subject: ARC2: Fix buffer overflow
X-Git-Url: http://gitweb2.dlitz.net/?p=crypto%2Fpycrypto-2.x.git;a=commitdiff_plain;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b
ARC2: Fix buffer overflow
Thanks to Mike Wiacek <mjwiacek@google.com> from the Google Security Team for
reporting this bug.
---
diff --git a/src/ARC2.c b/src/ARC2.c
index eb61713..35d9151 100644
--- a/src/ARC2.c
+++ b/src/ARC2.c
@@ -11,6 +11,7 @@
*/
#include <string.h>
+#include "Python.h"
#define MODULE_NAME ARC2
#define BLOCK_SIZE 8
@@ -144,6 +145,12 @@ block_init(block_state *self, U8 *key, int keylength)
197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
};
+ if ((U32)keylength > sizeof(self->xkey)) {
+ PyErr_SetString(PyExc_ValueError,
+ "ARC2 key length must be less than 128 bytes");
+ return;
+ }
+
memcpy(self->xkey, key, keylength);
/* Phase 1: Expand input key to 128 bytes */
|
