Fixes Issue #3745: Fix hashlib to always reject unicode and non

buffer-api supporting objects as input no matter how it was compiled
(built in implementations or external openssl library).
Gregory P. Smith 2009-02-12 07:35:29 +00:00
parent 3072921d0e
commit 365a1864fd
8 changed files with 133 additions and 68 deletions


@ -63,6 +63,18 @@ class HashLibTestCase(unittest.TestCase):
computed = hashlib.new(name, data).hexdigest() computed = hashlib.new(name, data).hexdigest()
self.assertEqual(computed, digest) self.assertEqual(computed, digest)
def check_no_unicode(self, algorithm_name):
# Unicode objects are not allowed as input.
self.assertRaises(TypeError, getattr(hashlib, algorithm_name), 'spam')
self.assertRaises(TypeError, hashlib.new, algorithm_name, 'spam')
def test_no_unicode(self):
self.check_no_unicode('md5')
self.check_no_unicode('sha1')
self.check_no_unicode('sha224')
self.check_no_unicode('sha256')
self.check_no_unicode('sha384')
self.check_no_unicode('sha512')
def test_case_md5_0(self): def test_case_md5_0(self):
self.check('md5', b'', 'd41d8cd98f00b204e9800998ecf8427e') self.check('md5', b'', 'd41d8cd98f00b204e9800998ecf8427e')
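Review bot: check_no_unicode only exercises the constructors, so the `update()` paths this commit also rewrites (MD5_update, SHA1_update, SHA256_update, SHA512_update, EVP_update) are not covered, and neither is the "non buffer-api object" half of the fix. I would add `self.assertRaises(TypeError, hashlib.new(algorithm_name).update, 'spam')` and a non-buffer case such as `self.assertRaises(TypeError, hashlib.new, algorithm_name, 1)`. Without them, a build whose update() still accepts str would pass this test.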


@ -491,6 +491,10 @@ C-API
Extension Modules Extension Modules
----------------- -----------------
- Issue #3745: Fix hashlib to always reject unicode and non buffer-api
supporting objects as input no matter how it was compiled (built in
implementations or external openssl library).
- Issue #4397: Fix occasional test_socket failure on OS X. - Issue #4397: Fix occasional test_socket failure on OS X.
- Issue #4279: Fix build of parsermodule under Cygwin. - Issue #4279: Fix build of parsermodule under Cygwin.


@ -15,6 +15,7 @@
#include "Python.h" #include "Python.h"
#include "structmember.h" #include "structmember.h"
#include "hashlib.h"
/* EVP is the preferred interface to hashing in OpenSSL */ /* EVP is the preferred interface to hashing in OpenSSL */
#include <openssl/evp.h> #include <openssl/evp.h>
@ -203,28 +204,6 @@ EVP_hexdigest(EVPobject *self, PyObject *unused)
return retval; return retval;
} }
#define MY_GET_BUFFER_VIEW_OR_ERROUT(obj, viewp) do { \
if (PyUnicode_Check((obj))) { \
PyErr_SetString(PyExc_TypeError, \
"Unicode-objects must be encoded before hashing");\
return NULL; \
} \
if (!PyObject_CheckBuffer((obj))) { \
PyErr_SetString(PyExc_TypeError, \
"object supporting the buffer API required"); \
return NULL; \
} \
if (PyObject_GetBuffer((obj), (viewp), PyBUF_SIMPLE) == -1) { \
return NULL; \
} \
if ((viewp)->ndim > 1) { \
PyErr_SetString(PyExc_BufferError, \
"Buffer must be single dimension"); \
PyBuffer_Release((viewp)); \
return NULL; \
} \
} while(0);
PyDoc_STRVAR(EVP_update__doc__, PyDoc_STRVAR(EVP_update__doc__,
"Update this hash object's state with the provided string."); "Update this hash object's state with the provided string.");
@ -237,7 +216,7 @@ EVP_update(EVPobject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "O:update", &obj)) if (!PyArg_ParseTuple(args, "O:update", &obj))
return NULL; return NULL;
MY_GET_BUFFER_VIEW_OR_ERROUT(obj, &view); GET_BUFFER_VIEW_OR_ERROUT(obj, &view);
#ifdef WITH_THREAD #ifdef WITH_THREAD
if (self->lock == NULL && view.len >= HASHLIB_GIL_MINSIZE) { if (self->lock == NULL && view.len >= HASHLIB_GIL_MINSIZE) {
@ -344,7 +323,7 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds)
} }
if (data_obj) if (data_obj)
MY_GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
if (!PyArg_Parse(name_obj, "s", &nameStr)) { if (!PyArg_Parse(name_obj, "s", &nameStr)) {
PyErr_SetString(PyExc_TypeError, "name must be a string"); PyErr_SetString(PyExc_TypeError, "name must be a string");
@ -507,7 +486,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict)
} }
if (data_obj) if (data_obj)
MY_GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
digest = EVP_get_digestbyname(name); digest = EVP_get_digestbyname(name);
@ -538,7 +517,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict)
} \ } \
\ \
if (data_obj) \ if (data_obj) \
MY_GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); \ GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); \
\ \
ret_obj = EVPnew( \ ret_obj = EVPnew( \
CONST_ ## NAME ## _name_obj, \ CONST_ ## NAME ## _name_obj, \
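Review bot: GET_BUFFER_VIEW_OR_ERROUT expands to `return NULL` on every failure, which is only correct in functions that return a pointer; the call in EVP_tp_init is the one to check. If that function is the type's init slot and returns int (its signature is outside the hunk), a str argument makes it return 0, i.e. success with a TypeError still pending. There I would spell the checks out and `return -1`, or give the shared header a variant that takes the error value. The old MY_ macro behaved the same way, so the rename did not introduce this, but moving the macro to a shared header is the moment to document the constraint.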

28
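--- a/Modules/hashlib.h
+++ b/Modules/hashlib.h
@@ -0,0 +1,28 @@
+/* Common code for use by all hashlib related modules. */
+/*
+* Given a PyObject* obj, fill in the Py_buffer* viewp with the result
+* of PyObject_GetBuffer. Sets and exception and issues a return NULL
+* on any errors.
+*/
+#define GET_BUFFER_VIEW_OR_ERROUT(obj, viewp) do { \
+if (PyUnicode_Check((obj))) { \
+PyErr_SetString(PyExc_TypeError, \
+"Unicode-objects must be encoded before hashing");\
+return NULL; \
+} \
+if (!PyObject_CheckBuffer((obj))) { \
+PyErr_SetString(PyExc_TypeError, \
+"object supporting the buffer API required"); \
+return NULL; \
+} \
+if (PyObject_GetBuffer((obj), (viewp), PyBUF_SIMPLE) == -1) { \
+return NULL; \
+} \
+if ((viewp)->ndim > 1) { \
+PyErr_SetString(PyExc_BufferError, \
+"Buffer must be single dimension"); \
+PyBuffer_Release((viewp)); \
+return NULL; \
+} \
+} while(0);
+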
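Review bot: The macro definition ends in `} while(0);`, and that trailing semicolon defeats the do/while(0) idiom: each call site `GET_BUFFER_VIEW_OR_ERROUT(obj, &view);` expands to two statements, so an `if (data_obj) GET_BUFFER_VIEW_OR_ERROUT(...); else ...` would not compile. The last line should read `} while(0)`. The header shows no include guard. Its comment should state that the macro returns from the calling function, and that on success the caller owns the view and must call PyBuffer_Release on every later exit path. "Sets and exception" should read "Sets an exception".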


@ -17,6 +17,7 @@
/* MD5 objects */ /* MD5 objects */
#include "Python.h" #include "Python.h"
#include "hashlib.h"
/* Some useful types */ /* Some useful types */
@ -411,11 +412,14 @@ PyDoc_STRVAR(MD5_update__doc__,
static PyObject * static PyObject *
MD5_update(MD5object *self, PyObject *args) MD5_update(MD5object *self, PyObject *args)
{ {
PyObject *obj;
Py_buffer buf; Py_buffer buf;
if (!PyArg_ParseTuple(args, "s*:update", &buf)) if (!PyArg_ParseTuple(args, "O:update", &obj))
return NULL; return NULL;
GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
md5_process(&self->hash_state, buf.buf, buf.len); md5_process(&self->hash_state, buf.buf, buf.len);
PyBuffer_Release(&buf); PyBuffer_Release(&buf);
@ -511,14 +515,17 @@ MD5_new(PyObject *self, PyObject *args, PyObject *kwdict)
{ {
static char *kwlist[] = {"string", NULL}; static char *kwlist[] = {"string", NULL};
MD5object *new; MD5object *new;
PyObject *data_obj = NULL;
Py_buffer buf; Py_buffer buf;
buf.buf = NULL;
if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|s*:new", kwlist, if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|O:new", kwlist,
&buf)) { &data_obj)) {
return NULL; return NULL;
} }
if (data_obj)
GET_BUFFER_VIEW_OR_ERROUT(data_obj, &buf);
if ((new = newMD5object()) == NULL) if ((new = newMD5object()) == NULL)
return NULL; return NULL;
@ -528,7 +535,7 @@ MD5_new(PyObject *self, PyObject *args, PyObject *kwdict)
Py_DECREF(new); Py_DECREF(new);
return NULL; return NULL;
} }
if (buf.buf) { if (data_obj) {
md5_process(&new->hash_state, buf.buf, buf.len); md5_process(&new->hash_state, buf.buf, buf.len);
PyBuffer_Release(&buf); PyBuffer_Release(&buf);
} }
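Review bot: In MD5_new the buffer view is now acquired before the object is allocated, but the two early exits that follow, `if ((new = newMD5object()) == NULL) return NULL;` and the `Py_DECREF(new); return NULL;` branch, return without releasing it. A leaked view keeps a reference to the exporting object and leaves its buffer marked as exported, so a bytearray passed in could no longer be resized. Add `if (data_obj) PyBuffer_Release(&buf);` before each of those returns. The same pattern appears in SHA1_new, SHA256_new, SHA224_new, SHA512_new and SHA384_new; for the SHA-2 constructors it is new with this commit, since the old `s#` parsing held no view. The function bodies extend beyond the hunks.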


@ -17,6 +17,7 @@
/* SHA1 objects */ /* SHA1 objects */
#include "Python.h" #include "Python.h"
#include "hashlib.h"
/* Some useful types */ /* Some useful types */
@ -387,11 +388,14 @@ PyDoc_STRVAR(SHA1_update__doc__,
static PyObject * static PyObject *
SHA1_update(SHA1object *self, PyObject *args) SHA1_update(SHA1object *self, PyObject *args)
{ {
PyObject *obj;
Py_buffer buf; Py_buffer buf;
if (!PyArg_ParseTuple(args, "s*:update", &buf)) if (!PyArg_ParseTuple(args, "O:update", &obj))
return NULL; return NULL;
GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
sha1_process(&self->hash_state, buf.buf, buf.len); sha1_process(&self->hash_state, buf.buf, buf.len);
PyBuffer_Release(&buf); PyBuffer_Release(&buf);
@ -487,14 +491,17 @@ SHA1_new(PyObject *self, PyObject *args, PyObject *kwdict)
{ {
static char *kwlist[] = {"string", NULL}; static char *kwlist[] = {"string", NULL};
SHA1object *new; SHA1object *new;
PyObject *data_obj = NULL;
Py_buffer buf; Py_buffer buf;
buf.buf = NULL;
if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|s*:new", kwlist, if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|O:new", kwlist,
&buf)) { &data_obj)) {
return NULL; return NULL;
} }
if (data_obj)
GET_BUFFER_VIEW_OR_ERROUT(data_obj, &buf);
if ((new = newSHA1object()) == NULL) if ((new = newSHA1object()) == NULL)
return NULL; return NULL;
@ -504,7 +511,7 @@ SHA1_new(PyObject *self, PyObject *args, PyObject *kwdict)
Py_DECREF(new); Py_DECREF(new);
return NULL; return NULL;
} }
if (buf.buf) { if (data_obj) {
sha1_process(&new->hash_state, buf.buf, buf.len); sha1_process(&new->hash_state, buf.buf, buf.len);
PyBuffer_Release(&buf); PyBuffer_Release(&buf);
} }


@ -18,6 +18,7 @@
#include "Python.h" #include "Python.h"
#include "structmember.h" #include "structmember.h"
#include "hashlib.h"
/* Endianness testing and definitions */ /* Endianness testing and definitions */
@ -480,14 +481,17 @@ PyDoc_STRVAR(SHA256_update__doc__,
static PyObject * static PyObject *
SHA256_update(SHAobject *self, PyObject *args) SHA256_update(SHAobject *self, PyObject *args)
{ {
unsigned char *cp; PyObject *obj;
int len; Py_buffer buf;
if (!PyArg_ParseTuple(args, "s#:update", &cp, &len)) if (!PyArg_ParseTuple(args, "O:update", &obj))
return NULL; return NULL;
sha_update(self, cp, len); GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
sha_update(self, buf.buf, buf.len);
PyBuffer_Release(&buf);
Py_INCREF(Py_None); Py_INCREF(Py_None);
return Py_None; return Py_None;
} }
@ -614,14 +618,17 @@ SHA256_new(PyObject *self, PyObject *args, PyObject *kwdict)
{ {
static char *kwlist[] = {"string", NULL}; static char *kwlist[] = {"string", NULL};
SHAobject *new; SHAobject *new;
unsigned char *cp = NULL; PyObject *data_obj = NULL;
int len; Py_buffer buf;
if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|s#:new", kwlist, if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|O:new", kwlist,
&cp, &len)) { &data_obj)) {
return NULL; return NULL;
} }
if (data_obj)
GET_BUFFER_VIEW_OR_ERROUT(data_obj, &buf);
if ((new = newSHA256object()) == NULL) if ((new = newSHA256object()) == NULL)
return NULL; return NULL;
@ -631,8 +638,10 @@ SHA256_new(PyObject *self, PyObject *args, PyObject *kwdict)
Py_DECREF(new); Py_DECREF(new);
return NULL; return NULL;
} }
if (cp) if (data_obj) {
sha_update(new, cp, len); sha_update(new, buf.buf, buf.len);
PyBuffer_Release(&buf);
}
return (PyObject *)new; return (PyObject *)new;
} }
@ -645,14 +654,17 @@ SHA224_new(PyObject *self, PyObject *args, PyObject *kwdict)
{ {
static char *kwlist[] = {"string", NULL}; static char *kwlist[] = {"string", NULL};
SHAobject *new; SHAobject *new;
unsigned char *cp = NULL; PyObject *data_obj = NULL;
int len; Py_buffer buf;
if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|s#:new", kwlist, if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|O:new", kwlist,
&cp, &len)) { &data_obj)) {
return NULL; return NULL;
} }
if (data_obj)
GET_BUFFER_VIEW_OR_ERROUT(data_obj, &buf);
if ((new = newSHA224object()) == NULL) if ((new = newSHA224object()) == NULL)
return NULL; return NULL;
@ -662,8 +674,10 @@ SHA224_new(PyObject *self, PyObject *args, PyObject *kwdict)
Py_DECREF(new); Py_DECREF(new);
return NULL; return NULL;
} }
if (cp) if (data_obj) {
sha_update(new, cp, len); sha_update(new, buf.buf, buf.len);
PyBuffer_Release(&buf);
}
return (PyObject *)new; return (PyObject *)new;
} }
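Review bot: `sha_update(self, buf.buf, buf.len)` passes a Py_ssize_t length where the removed code passed an `int len`. If sha_update still declares its count parameter as int (its signature is not in the hunk), a buffer larger than INT_MAX is narrowed on 64-bit builds, and the digest then covers only part of the data or the function sees a negative count. The old `s#` parsing presumably bounded the length to an int, while the buffer path does not. Either widen the count parameter to Py_ssize_t or feed the data in bounded chunks. The same applies to the `sha512_update` calls in SHA512_update, SHA512_new and SHA384_new.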


@ -18,6 +18,7 @@
#include "Python.h" #include "Python.h"
#include "structmember.h" #include "structmember.h"
#include "hashlib.h"
#ifdef PY_LONG_LONG /* If no PY_LONG_LONG, don't compile anything! */ #ifdef PY_LONG_LONG /* If no PY_LONG_LONG, don't compile anything! */
@ -546,14 +547,17 @@ PyDoc_STRVAR(SHA512_update__doc__,
static PyObject * static PyObject *
SHA512_update(SHAobject *self, PyObject *args) SHA512_update(SHAobject *self, PyObject *args)
{ {
unsigned char *cp; PyObject *obj;
int len; Py_buffer buf;
if (!PyArg_ParseTuple(args, "s#:update", &cp, &len)) if (!PyArg_ParseTuple(args, "O:update", &obj))
return NULL; return NULL;
sha512_update(self, cp, len); GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
sha512_update(self, buf.buf, buf.len);
PyBuffer_Release(&buf);
Py_INCREF(Py_None); Py_INCREF(Py_None);
return Py_None; return Py_None;
} }
@ -680,14 +684,17 @@ SHA512_new(PyObject *self, PyObject *args, PyObject *kwdict)
{ {
static char *kwlist[] = {"string", NULL}; static char *kwlist[] = {"string", NULL};
SHAobject *new; SHAobject *new;
unsigned char *cp = NULL; PyObject *data_obj = NULL;
int len; Py_buffer buf;
if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|s#:new", kwlist, if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|O:new", kwlist,
&cp, &len)) { &data_obj)) {
return NULL; return NULL;
} }
if (data_obj)
GET_BUFFER_VIEW_OR_ERROUT(data_obj, &buf);
if ((new = newSHA512object()) == NULL) if ((new = newSHA512object()) == NULL)
return NULL; return NULL;
@ -697,8 +704,10 @@ SHA512_new(PyObject *self, PyObject *args, PyObject *kwdict)
Py_DECREF(new); Py_DECREF(new);
return NULL; return NULL;
} }
if (cp) if (data_obj) {
sha512_update(new, cp, len); sha512_update(new, buf.buf, buf.len);
PyBuffer_Release(&buf);
}
return (PyObject *)new; return (PyObject *)new;
} }
@ -711,14 +720,17 @@ SHA384_new(PyObject *self, PyObject *args, PyObject *kwdict)
{ {
static char *kwlist[] = {"string", NULL}; static char *kwlist[] = {"string", NULL};
SHAobject *new; SHAobject *new;
unsigned char *cp = NULL; PyObject *data_obj = NULL;
int len; Py_buffer buf;
if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|s#:new", kwlist, if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|O:new", kwlist,
&cp, &len)) { &data_obj)) {
return NULL; return NULL;
} }
if (data_obj)
GET_BUFFER_VIEW_OR_ERROUT(data_obj, &buf);
if ((new = newSHA384object()) == NULL) if ((new = newSHA384object()) == NULL)
return NULL; return NULL;
@ -728,8 +740,10 @@ SHA384_new(PyObject *self, PyObject *args, PyObject *kwdict)
Py_DECREF(new); Py_DECREF(new);
return NULL; return NULL;
} }
if (cp) if (data_obj) {
sha512_update(new, cp, len); sha512_update(new, buf.buf, buf.len);
PyBuffer_Release(&buf);
}
return (PyObject *)new; return (PyObject *)new;
} }