Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 159422 Details for
Bug 230640
dev-lang/python <2.4.4-r14 integer overflows (CVE-2008-2315, CVE-2008-2316)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
CVE-2008-2316 patch trunk
CVE-2008-2316-trunk.diff (text/plain), 4.81 KB, created by
Matthias Geerdsen (RETIRED)
on 2008-07-03 14:46:13 UTC
(
hide
)
Description:
CVE-2008-2316 patch trunk
Filename:
MIME Type:
Creator:
Matthias Geerdsen (RETIRED)
Created:
2008-07-03 14:46:13 UTC
Size:
4.81 KB
patch
obsolete
>Index: Lib/test/test_hashlib.py >=================================================================== >--- Lib/test/test_hashlib.py (revision 64624) >+++ Lib/test/test_hashlib.py (working copy) >@@ -9,8 +9,8 @@ > import hashlib > import unittest > from test import test_support >+from test.test_support import _4G, precisionbigmemtest > >- > def hexstr(s): > import string > h = string.hexdigits >@@ -55,7 +55,6 @@ > m2.update(aas + bees + cees) > self.assertEqual(m1.digest(), m2.digest()) > >- > def check(self, name, data, digest): > # test the direct constructors > computed = getattr(hashlib, name)(data).hexdigest() >@@ -74,8 +73,23 @@ > def test_case_md5_2(self): > self.check('md5', 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789', > 'd174ab98d277d9f5a5611c2c9f419d9f') >+ >+ @precisionbigmemtest(size=_4G + 5, memuse=1) >+ def test_case_md5_huge(self, size): >+ if size == _4G + 5: >+ try: >+ self.check('md5', 'A'*size, 'c9af2dff37468ce5dfee8f2cfc0a9c6d') >+ except OverflowError: >+ pass # 32-bit arch >+ >+ @precisionbigmemtest(size=_4G - 1, memuse=1) >+ def test_case_md5_uintmax(self, size): >+ if size == _4G - 1: >+ try: >+ self.check('md5', 'A'*size, '28138d306ff1b8281f1a9067e1a1a2b3') >+ except OverflowError: >+ pass # 32-bit arch > >- > # use the three examples from Federal Information Processing Standards > # Publication 180-1, Secure Hash Standard, 1995 April 17 > # http://www.itl.nist.gov/div897/pubs/fip180-1.htm >Index: Modules/_hashopenssl.c >=================================================================== >--- Modules/_hashopenssl.c (revision 64624) >+++ Modules/_hashopenssl.c (working copy) >@@ -19,7 +19,9 @@ > /* EVP is the preferred interface to hashing in OpenSSL */ > #include <openssl/evp.h> > >+#define MUNCH_SIZE INT_MAX > >+ > #ifndef HASH_OBJ_CONSTRUCTOR > #define HASH_OBJ_CONSTRUCTOR 0 > #endif >@@ -164,9 +166,18 @@ > if (!PyArg_ParseTuple(args, "s#:update", &cp, &len)) > return NULL; > >+ if (len > 0 && len <= MUNCH_SIZE) { > EVP_DigestUpdate(&self->ctx, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, > unsigned int)); >- >+ } else { >+ Py_ssize_t offset = 0; >+ while (len) { >+ unsigned int process = len > MUNCH_SIZE ? MUNCH_SIZE : len; >+ EVP_DigestUpdate(&self->ctx, cp + offset, process); >+ len -= process; >+ offset += process; >+ } >+ } > Py_INCREF(Py_None); > return Py_None; > } >@@ -255,10 +266,21 @@ > self->name = name_obj; > Py_INCREF(self->name); > >- if (cp && len) >+ if (cp && len) { >+ if (len > 0 && len <= MUNCH_SIZE) { > EVP_DigestUpdate(&self->ctx, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, > unsigned int)); >- >+ } else { >+ Py_ssize_t offset = 0; >+ while (len) { >+ unsigned int process = len > MUNCH_SIZE ? MUNCH_SIZE : len; >+ EVP_DigestUpdate(&self->ctx, cp + offset, process); >+ len -= process; >+ offset += process; >+ } >+ } >+ } >+ > return 0; > } > #endif >@@ -327,7 +349,7 @@ > static PyObject * > EVPnew(PyObject *name_obj, > const EVP_MD *digest, const EVP_MD_CTX *initial_ctx, >- const unsigned char *cp, unsigned int len) >+ const unsigned char *cp, Py_ssize_t len) > { > EVPobject *self; > >@@ -345,8 +367,20 @@ > EVP_DigestInit(&self->ctx, digest); > } > >- if (cp && len) >- EVP_DigestUpdate(&self->ctx, cp, len); >+ if (cp && len) { >+ if (len > 0 && len <= MUNCH_SIZE) { >+ EVP_DigestUpdate(&self->ctx, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, >+ unsigned int)); >+ } else { >+ Py_ssize_t offset = 0; >+ while (len) { >+ unsigned int process = len > MUNCH_SIZE ? MUNCH_SIZE : len; >+ EVP_DigestUpdate(&self->ctx, cp + offset, process); >+ len -= process; >+ offset += process; >+ } >+ } >+ } > > return (PyObject *)self; > } >@@ -383,8 +417,7 @@ > > digest = EVP_get_digestbyname(name); > >- return EVPnew(name_obj, digest, NULL, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, >- unsigned int)); >+ return EVPnew(name_obj, digest, NULL, cp, len); > } > > /* >@@ -409,7 +442,7 @@ > CONST_ ## NAME ## _name_obj, \ > NULL, \ > CONST_new_ ## NAME ## _ctx_p, \ >- cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int)); \ >+ cp, len); \ > } > > /* a PyMethodDef structure for the constructor */
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 230640
:
159416
|
159418
|
159420
| 159422 |
159424
|
159426
|
160652
|
160655
|
161580
|
161588
|
161617