[Python-checkins] cpython (2.7): Closes #15908: SHA1 crashes in 64 bits when the string to hash is bigger than
jesus.cea
python-checkins at python.org
Mon Sep 10 21:04:58 CEST 2012
http://hg.python.org/cpython/rev/a13bfc238f27
changeset: 78974:a13bfc238f27
branch: 2.7
parent: 78971:9ed2e8307e60
user: Jesus Cea <jcea at jcea.es>
date: Mon Sep 10 21:04:42 2012 +0200
summary:
Closes #15908: SHA1 crashes in 64 bits when the string to hash is bigger than 2**32 bytes
files:
Lib/test/test_hashlib.py | 8 ++++++++
Misc/NEWS | 3 +++
Modules/shamodule.c | 19 ++++++++++++++++---
3 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
--- a/Lib/test/test_hashlib.py
+++ b/Lib/test/test_hashlib.py
@@ -228,6 +228,14 @@
self.check('sha1', "a" * 1000000,
"34aa973cd4c4daa4f61eeb2bdbad27316534016f")
+ @precisionbigmemtest(size=_4G + 5, memuse=1)
+ def test_case_sha1_huge(self, size):
+ if size == _4G + 5:
+ try:
+ self.check('sha1', 'A'*size,
+ '87d745c50e6b2879ffa0fb2c930e9fbfe0dc9a5b')
+ except OverflowError:
+ pass # 32-bit arch
# use the examples from Federal Information Processing Standards
# Publication 180-2, Secure Hash Standard, 2002 August 1
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -244,6 +244,9 @@
- Issue #14888: Fix misbehaviour of the _md5 module when called on data
larger than 2**32 bytes.
+- Issue #15908: Fix misbehaviour of the sha1 module when called on data
+ larger than 2**32 bytes.
+
- Issue #14875: Use float('inf') instead of float('1e66666') in the json module.
- Issue #14572: Prevent build failures with pre-3.5.0 versions of
diff --git a/Modules/shamodule.c b/Modules/shamodule.c
--- a/Modules/shamodule.c
+++ b/Modules/shamodule.c
@@ -536,6 +536,8 @@
static char *kwlist[] = {"string", NULL};
SHAobject *new;
Py_buffer view = { 0 };
+ Py_ssize_t n;
+ unsigned char *buf;
if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|s*:new", kwlist,
&view)) {
@@ -554,10 +556,21 @@
PyBuffer_Release(&view);
return NULL;
}
- if (view.len > 0) {
- sha_update(new, (unsigned char*)view.buf,
- Py_SAFE_DOWNCAST(view.len, Py_ssize_t, unsigned int));
+
+ n = view.len;
+ buf = (unsigned char *) view.buf;
+ while (n > 0) {
+ Py_ssize_t nbytes;
+ if (n > INT_MAX)
+ nbytes = INT_MAX;
+ else
+ nbytes = n;
+ sha_update(new, buf,
+ Py_SAFE_DOWNCAST(nbytes, Py_ssize_t, unsigned int));
+ buf += nbytes;
+ n -= nbytes;
}
+
PyBuffer_Release(&view);
return (PyObject *)new;
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list