ARC2: Fix buffer overflow

Thanks to Mike Wiacek <mjwiacek@google.com> from the Google Security Team for reporting this bug.
author: Dwayne C. Litzenberger <dlitz@dlitz.net> 2009-02-06 08:09:37 -0500
committer: Dwayne C. Litzenberger <dlitz@dlitz.net> 2009-02-06 08:14:52 -0500
commit: d1c4875e1f220652fe7ff8358f56dee3b2aba31b (patch)
tree: d087280d7e9643a3e3f68f209932119fe6738b3c /src/ARC2.c
parent: fd73731dfad451a81056fbb01e09aa78ab82eb5d (diff)
download: pycrypto-d1c4875e1f220652fe7ff8358f56dee3b2aba31b.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/ARC2.c b/src/ARC2.c
index eb61713..35d9151 100644
--- a/src/ARC2.c
+++ b/src/ARC2.c
@@ -11,6 +11,7 @@
  */
 
 #include <string.h>  
+#include "Python.h"
 
 #define MODULE_NAME ARC2
 #define BLOCK_SIZE 8
@@ -144,6 +145,12 @@ block_init(block_state *self, U8 *key, int keylength)
 		197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
         };
 
+	if ((U32)keylength > sizeof(self->xkey)) {
+		PyErr_SetString(PyExc_ValueError,
+				"ARC2 key length must be less than 128 bytes");
+		return;
+	}
+
 	memcpy(self->xkey, key, keylength);
   
 	/* Phase 1: Expand input key to 128 bytes */
author	Dwayne C. Litzenberger <dlitz@dlitz.net>	2009-02-06 08:09:37 -0500
committer	Dwayne C. Litzenberger <dlitz@dlitz.net>	2009-02-06 08:14:52 -0500
commit	d1c4875e1f220652fe7ff8358f56dee3b2aba31b (patch)
tree	d087280d7e9643a3e3f68f209932119fe6738b3c /src/ARC2.c
parent	fd73731dfad451a81056fbb01e09aa78ab82eb5d (diff)
download	pycrypto-d1c4875e1f220652fe7ff8358f56dee3b2aba31b.tar.gz