* [gentoo-commits] gentoo-x86 commit in dev-python/pycrypto/files: pycrypto-2.0.1-CVE-2009-0544.patch
@ 2009-03-04 4:44 Jesus Rivero (neurogeek)
0 siblings, 0 replies; only message in thread
From: Jesus Rivero (neurogeek) @ 2009-03-04 4:44 UTC (permalink / raw
To: gentoo-commits
neurogeek 09/03/04 04:44:45
Added: pycrypto-2.0.1-CVE-2009-0544.patch
Log:
Added patch for Buffer Overflow in ARC2 module. Bug #258049. CVE-2009-0544
(Portage version: 2.2_rc16/cvs/Linux 2.6.18-gentoo-r3 i686)
Revision Changes Path
1.1 dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch?rev=1.1&content-type=text/plain
Index: pycrypto-2.0.1-CVE-2009-0544.patch
===================================================================
--- src/ARC2.c.orig 2009-03-03 23:53:08.000000000 -0430
+++ src/ARC2.c 2009-03-03 23:53:08.000000000 -0430
@@ -11,6 +11,7 @@
*/
#include <string.h>
+#include "Python.h"
#define MODULE_NAME ARC2
#define BLOCK_SIZE 8
@@ -146,6 +147,12 @@
We'll hardwire it to 1024. */
#define bits 1024
+ if ((U32)keylength > sizeof(self->xkey)) {
+ PyErr_SetString(PyExc_ValueError,
+ "ARC2 key length must be less than 128 bytes");
+ return;
+ }
+
memcpy(self->xkey, key, keylength);
/* Phase 1: Expand input key to 128 bytes */
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2009-03-04 4:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-03-04 4:44 [gentoo-commits] gentoo-x86 commit in dev-python/pycrypto/files: pycrypto-2.0.1-CVE-2009-0544.patch Jesus Rivero (neurogeek)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox