From: Dwayne C. Litzenberger <dlitz@dlitz.net>
Date: Fri, 6 Feb 2009 13:09:37 +0000 (-0500)
Subject: ARC2: Fix buffer overflow
X-Git-Url: http://gitweb2.dlitz.net/?p=crypto%2Fpycrypto-2.x.git;a=commitdiff_plain;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b

ARC2: Fix buffer overflow

Thanks to Mike Wiacek <mjwiacek@google.com> from the Google Security Team for
reporting this bug.
---

diff --git a/src/ARC2.c b/src/ARC2.c
index eb61713..35d9151 100644
--- a/src/ARC2.c
+++ b/src/ARC2.c
@@ -11,6 +11,7 @@
  */
 
 #include <string.h>  
+#include "Python.h"
 
 #define MODULE_NAME ARC2
 #define BLOCK_SIZE 8
@@ -144,6 +145,12 @@ block_init(block_state *self, U8 *key, int keylength)
 		197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
         };
 
+	if ((U32)keylength > sizeof(self->xkey)) {
+		PyErr_SetString(PyExc_ValueError,
+				"ARC2 key length must be less than 128 bytes");
+		return;
+	}
+
 	memcpy(self->xkey, key, keylength);
   
 	/* Phase 1: Expand input key to 128 bytes */