diff options
| author |   Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2020-05-19 15:52:54 -0700 |
|---|---|---|
| committer |   GitHub <noreply@github.com> | 2020-05-19 15:52:54 -0700 |
| commit | 6ed37430d31e915103ab5decd14d757eb2d159d5 (patch) | |
| tree | 900f6043e014fe91ae31c50dcd01d0f598d4c019 /Modules | |
| parent | bpo-38870: invalid escape sequence (GH-20240) (diff) | |
| download | cpython-6ed37430d31e915103ab5decd14d757eb2d159d5.tar.gz cpython-6ed37430d31e915103ab5decd14d757eb2d159d5.tar.bz2 cpython-6ed37430d31e915103ab5decd14d757eb2d159d5.zip | |
bpo-40645: restrict HMAC key len to INT_MAX (GH-20238)
Signed-off-by: Christian Heimes <christian@python.org>
Automerge-Triggered-By: @tiran
(cherry picked from commit aca4670ad695d4b01c7880fe3d0af817421945bd)
Co-authored-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Modules')
| -rw-r--r-- | Modules/_hashopenssl.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c index 36ad6a65d72..674bddc090a 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -1403,6 +1403,12 @@ _hashlib_hmac_new_impl(PyObject *module, Py_buffer *key, PyObject *msg_obj, HMACobject *self = NULL; int r; + if (key->len > INT_MAX) { + PyErr_SetString(PyExc_OverflowError, + "key is too long."); + return NULL; + } + if ((digestmod == NULL) || !strlen(digestmod)) { PyErr_SetString( PyExc_TypeError, "Missing required parameter 'digestmod'."); @@ -1424,7 +1430,7 @@ _hashlib_hmac_new_impl(PyObject *module, Py_buffer *key, PyObject *msg_obj, r = HMAC_Init_ex( ctx, (const char*)key->buf, - key->len, + (int)key->len, digest, NULL /*impl*/); if (r == 0) { |