pycrypto: fixing CVE-2009-0544

git-svn-id: svn+slack://slack.fluxo.info/var/svn/slackbuilds@2112 370017ae-e619-0410-ac65-c121f96126d4

1 files changed, 36 insertions, 0 deletions

diff --git a/dev/python/pycrypto/pycrypto-2.0.1.diff b/dev/python/pycrypto/pycrypto-2.0.1.diff
new file mode 100644
index 00000000..77f85764
--- /dev/null
+++ b/dev/python/pycrypto/pycrypto-2.0.1.diff
@@ -0,0 +1,36 @@
+From: Dwayne C. Litzenberger <dlitz@dlitz.net>
+Date: Fri, 6 Feb 2009 13:09:37 +0000 (-0500)
+Subject: ARC2: Fix buffer overflow
+X-Git-Url: http://gitweb2.dlitz.net/?p=crypto%2Fpycrypto-2.x.git;a=commitdiff_plain;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b
+
+ARC2: Fix buffer overflow
+
+Thanks to Mike Wiacek <mjwiacek@google.com> from the Google Security Team for
+reporting this bug.
+---
+
+diff --git a/src/ARC2.c b/src/ARC2.c
+index eb61713..35d9151 100644
+--- a/src/ARC2.c
++++ b/src/ARC2.c
+@@ -11,6 +11,7 @@
+  */
+ 
+ #include <string.h>  
++#include "Python.h"
+ 
+ #define MODULE_NAME ARC2
+ #define BLOCK_SIZE 8
+@@ -144,6 +145,12 @@ block_init(block_state *self, U8 *key, int keylength)
+ 		197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
+         };
+ 
++	if ((U32)keylength > sizeof(self->xkey)) {
++		PyErr_SetString(PyExc_ValueError,
++				"ARC2 key length must be less than 128 bytes");
++		return;
++	}
++
+ 	memcpy(self->xkey, key, keylength);
+   
+ 	/* Phase 1: Expand input key to 128 bytes */