diff options
author | Dwayne C. Litzenberger <dlitz@dlitz.net> | 2009-02-06 08:09:37 -0500 |
---|---|---|
committer | Dwayne C. Litzenberger <dlitz@dlitz.net> | 2009-02-06 08:14:52 -0500 |
commit | d1c4875e1f220652fe7ff8358f56dee3b2aba31b (patch) | |
tree | d087280d7e9643a3e3f68f209932119fe6738b3c /src/ARC2.c | |
parent | fd73731dfad451a81056fbb01e09aa78ab82eb5d (diff) | |
download | pycrypto-d1c4875e1f220652fe7ff8358f56dee3b2aba31b.tar.gz |
ARC2: Fix buffer overflow
Thanks to Mike Wiacek <mjwiacek@google.com> from the Google Security Team for
reporting this bug.
Diffstat (limited to 'src/ARC2.c')
-rw-r--r-- | src/ARC2.c | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -11,6 +11,7 @@ */ #include <string.h> +#include "Python.h" #define MODULE_NAME ARC2 #define BLOCK_SIZE 8 @@ -144,6 +145,12 @@ block_init(block_state *self, U8 *key, int keylength) 197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173 }; + if ((U32)keylength > sizeof(self->xkey)) { + PyErr_SetString(PyExc_ValueError, + "ARC2 key length must be less than 128 bytes"); + return; + } + memcpy(self->xkey, key, keylength); /* Phase 1: Expand input key to 128 bytes */ |