[proxy] web.archive.org← back | site home | direct (HTTPS) ↗ | proxy home | ◑ dark◐ light
/ cpython Public
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpo-40645: restrict HMAC key len to INT_MAX #20238

Merged
merged 1 commit into from May 19, 2020
Merged

bpo-40645: restrict HMAC key len to INT_MAX #20238

merged 1 commit into from May 19, 2020

Conversation

Copy link
Member

tiran commented May 19, 2020
edited by miss-islington

Signed-off-by: Christian Heimes christian@python.org

https://bugs.python.org/issue40645

Automerge-Triggered-By: @tiran

bpo-40645: restrict HMAC key len to INT_MAX
113c053 
Signed-off-by: Christian Heimes <christian@python.org>
tiran added the 🤖 automerge PR will be merged once it's been approved and all CI passed label May 19, 2020
vstinner reviewed May 19, 2020
View changes
Modules/_hashopenssl.c
@@ -1403,6 +1403,12 @@ _hashlib_hmac_new_impl(PyObject *module, Py_buffer *key, PyObject *msg_obj,
HMACobject *self = NULL;
int r;

if (key->len > INT_MAX) {
PyErr_SetString(PyExc_OverflowError,
"key is too long.");
Copy link
Member

vstinner May 19, 2020
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"2 GB key should be enough for everyone" :-D

vstinner approved these changes May 19, 2020
View changes
Copy link
Member

vstinner left a comment

LGTM, thanks for the fix.

miss-islington merged commit aca4670 into python:master May 19, 2020
4 checks passed
Copy link
Contributor

miss-islington commented May 19, 2020

Thanks @tiran for the PR 🌮🎉.. I'm working now to backport this PR to: 3.9.
🐍🍒🤖

Copy link

bedevere-bot commented May 19, 2020

GH-20245 is a backport of this pull request to the 3.9 branch.

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request May 19, 2020
bpo-40645: restrict HMAC key len to INT_MAX (pythonGH-20238)
c54c2c0 
Signed-off-by: Christian Heimes <christian@python.org>

Automerge-Triggered-By: @tiran
(cherry picked from commit aca4670)

Co-authored-by: Christian Heimes <christian@python.org>
miss-islington added a commit that referenced this pull request May 19, 2020
bpo-40645: restrict HMAC key len to INT_MAX (GH-20238)
6ed3743 
Signed-off-by: Christian Heimes <christian@python.org>

Automerge-Triggered-By: @tiran
(cherry picked from commit aca4670)

Co-authored-by: Christian Heimes <christian@python.org>
arturoescaip pushed a commit to arturoescaip/cpython that referenced this pull request May 24, 2020
bpo-40645: restrict HMAC key len to INT_MAX (pythonGH-20238)
437b893 
Signed-off-by: Christian Heimes <christian@python.org>

Automerge-Triggered-By: @tiran
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

vstinner

Assignees
No one assigned
Labels
🤖 automerge PR will be merged once it's been approved and all CI passed skip news
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants