[Python-checkins] [3.6] bpo-34922: Fix integer overflow in the digest() and hexdigest() methods (GH-9751) (GH-9798) (GH-9801)

Serhiy Storchaka webhook-mailer at python.org
Thu Oct 11 01:37:41 EDT 2018


https://github.com/python/cpython/commit/69e6ad6cdfa28a7b8e7b8780b07dfcdbfb0e7030
commit: 69e6ad6cdfa28a7b8e7b8780b07dfcdbfb0e7030
branch: 3.6
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: Serhiy Storchaka <storchaka at gmail.com>
date: 2018-10-11T08:37:37+03:00
summary:

[3.6] bpo-34922: Fix integer overflow in the digest() and hexdigest() methods (GH-9751) (GH-9798) (GH-9801)

for the SHAKE algorithm in the hashlib module.
(cherry picked from commit 9b8c2e767643256202bb11456ba8665593b9a500)
(cherry picked from commit 8b040e55395b37bdb8fd4ec85a270cfc9ec95307)

Co-authored-by: Serhiy Storchaka <storchaka at gmail.com>

files:
A Misc/NEWS.d/next/Library/2018-10-07-21-18-52.bpo-34922.37IdsA.rst
M Lib/test/test_hashlib.py
M Modules/_sha3/sha3module.c

diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
index 995fe60a076c..9711856853de 100644
--- a/Lib/test/test_hashlib.py
+++ b/Lib/test/test_hashlib.py
@@ -233,6 +233,20 @@ def test_hexdigest(self):
                 self.assertIsInstance(h.digest(), bytes)
                 self.assertEqual(hexstr(h.digest()), h.hexdigest())
 
+    def test_digest_length_overflow(self):
+        # See issue #34922
+        large_sizes = (2**29, 2**32-10, 2**32+10, 2**61, 2**64-10, 2**64+10)
+        for cons in self.hash_constructors:
+            h = cons()
+            if h.name not in self.shakes:
+                continue
+            for digest in h.digest, h.hexdigest:
+                with self.assertRaises((ValueError, OverflowError)):
+                    digest(-10)
+                for length in large_sizes:
+                    with self.assertRaises((ValueError, OverflowError)):
+                        digest(length)
+
     def test_name_attribute(self):
         for cons in self.hash_constructors:
             h = cons()
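Review bot: in test_digest_length_overflow every case accepts either ValueError or OverflowError, and only rejected lengths are exercised, so the test would still pass if the C check raised the wrong exception type at the boundary. 2**29 is exactly the new limit in sha3module.c and always reaches the `digestlen >= (1 << 29)` branch, so that case can assert ValueError specifically. Keep the two-exception tuple for -10 and for the sizes that may fail earlier in the integer conversion. Nothing here checks that an ordinary small length still succeeds after the change; the existing test_hexdigest may already cover that, but if not, a single positive assertion would guard against a check that rejects too much.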
diff --git a/Misc/NEWS.d/next/Library/2018-10-07-21-18-52.bpo-34922.37IdsA.rst b/Misc/NEWS.d/next/Library/2018-10-07-21-18-52.bpo-34922.37IdsA.rst
new file mode 100644
index 000000000000..646388688399
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2018-10-07-21-18-52.bpo-34922.37IdsA.rst
@@ -0,0 +1,3 @@
+Fixed integer overflow in the :meth:`~hashlib.shake.digest()` and
+:meth:`~hashlib.shake.hexdigest()` methods for the SHAKE algorithm
+in the :mod:`hashlib` module.
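Review bot: the NEWS entry says an overflow was fixed but not what callers will now observe. Going by the sha3module.c hunk, a length of 2**29 or more now raises ValueError with "length is too large". Stating that limit and the exception here would let users who pass large or untrusted lengths to digest() and hexdigest() recognise the behaviour change.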
diff --git a/Modules/_sha3/sha3module.c b/Modules/_sha3/sha3module.c
index 8d880d0e7026..2c2b2dbc5c7d 100644
--- a/Modules/_sha3/sha3module.c
+++ b/Modules/_sha3/sha3module.c
@@ -609,7 +609,10 @@ _SHAKE_digest(SHA3object *self, PyObject *digestlen_obj, int hex)
     if (digestlen == (unsigned long) -1 && PyErr_Occurred()) {
         return NULL;
     }
-
+    if (digestlen >= (1 << 29)) {
+        PyErr_SetString(PyExc_ValueError, "length is too large");
+        return NULL;
+    }
     /* ExtractLane needs at least SHA3_MAX_DIGESTSIZE + SHA3_LANESIZE and
      * SHA3_LANESIZE extra space.
      */
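Review bot: the limit `(1 << 29)` in _SHAKE_digest is an unexplained magic number. The hunk does not say why 2**29 was chosen or how it relates to the buffer sizing described in the comment that follows, so a later reader cannot tell whether the bound is still sufficient if that sizing changes. A named constant with a one-line comment giving the reasoning would help. Since digestlen is compared as an unsigned long, writing the constant as `1UL << 29` would keep both sides of the comparison the same type. The message "length is too large" could also include the maximum accepted value. Finally, the patch drops the blank line that separated the argument checks from the comment block; keeping one after the new check would preserve readability.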


