bpo-40645: restrict HMAC key len to INT_MAX (GH-20238)

Signed-off-by: Christian Heimes <christian@python.org>

Automerge-Triggered-By: @tiran
(cherry picked from commit aca4670ad6)

Co-authored-by: Christian Heimes <christian@python.org>
Miss Islington (bot) 2020-05-19 15:52:54 -07:00 committed by GitHub
parent 059279d870
commit 6ed37430d3
1 changed files with 7 additions and 1 deletions


@ -1403,6 +1403,12 @@ _hashlib_hmac_new_impl(PyObject *module, Py_buffer *key, PyObject *msg_obj,
HMACobject *self = NULL;
int r;
if (key->len > INT_MAX) {
PyErr_SetString(PyExc_OverflowError,
"key is too long.");
return NULL;
}
if ((digestmod == NULL) || !strlen(digestmod)) {
PyErr_SetString(
PyExc_TypeError, "Missing required parameter 'digestmod'.");
@ -1424,7 +1430,7 @@ _hashlib_hmac_new_impl(PyObject *module, Py_buffer *key, PyObject *msg_obj,
r = HMAC_Init_ex(
ctx,
(const char*)key->buf,
key->len,
(int)key->len,
digest,
NULL /*impl*/);
if (r == 0) {
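Review bot: The `(int)key->len` cast in the `HMAC_Init_ex` call is only safe because of the `key->len > INT_MAX` guard added near the top of `_hashlib_hmac_new_impl`, and nothing at the cast says so. An explicit cast also suppresses any narrowing warning the compiler might give, so a later refactor that moves or drops the guard would bring back silent truncation of the key length, and the HMAC would be computed over a different key than the caller passed. I would tie the two together with a comment on that line, e.g. `(int)key->len,  /* <= INT_MAX, checked at function entry */`. The function body starts and ends outside both hunks, so I cannot tell from here whether other length arguments in it need the same bound.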