authorJesus Rivero <neurogeek@gentoo.org>2009-03-04 04:44:45 +0000
committerJesus Rivero <neurogeek@gentoo.org>2009-03-04 04:44:45 +0000
commitf1b9a72ef70c850e1d1a3ac89310e1974beab7ed (patch)
treeb33f71c0a3de16a5777663a7d8df8e6f35952769 /dev-python/pycrypto/files
parentVersion bump, drop old (diff)
Added patch for Buffer Overflow in ARC2 module. Bug #258049. CVE-2009-0544
(Portage version: 2.2_rc16/cvs/Linux 2.6.18-gentoo-r3 i686)
Diffstat (limited to 'dev-python/pycrypto/files')
-rw-r--r--dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch b/dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch
new file mode 100644
index 000000000000..9a4734cf608d
--- /dev/null
+++ b/dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch
@@ -0,0 +1,23 @@
+--- src/ARC2.c.orig 2009-03-03 23:53:08.000000000 -0430
++++ src/ARC2.c 2009-03-03 23:53:08.000000000 -0430
+@@ -11,6 +11,7 @@
+ */
+
+ #include <string.h>
++#include "Python.h"
+
+ #define MODULE_NAME ARC2
+ #define BLOCK_SIZE 8
+@@ -146,6 +147,12 @@
+ We'll hardwire it to 1024. */
+ #define bits 1024
+
++ if ((U32)keylength > sizeof(self->xkey)) {
++ PyErr_SetString(PyExc_ValueError,
++ "ARC2 key length must be less than 128 bytes");
++ return;
++ }
++
+ memcpy(self->xkey, key, keylength);
+
+ /* Phase 1: Expand input key to 128 bytes */
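Review bot: The error text in the added guard does not match the condition it reports. `(U32)keylength > sizeof(self->xkey)` still accepts a key of exactly `sizeof(self->xkey)` bytes, which the "Expand input key to 128 bytes" comment suggests is 128, so the message should read `"ARC2 key length must be at most 128 bytes"`. The guard would also benefit from a comment such as `/* reject keys that would overflow xkey in the memcpy below; the U32 cast also makes a negative keylength fail this test */`, since the cast is what keeps a negative length out of `memcpy`, assuming `keylength` is a signed int. The bare `return;` reports failure only through the Python error indicator, so the caller has to check for a pending exception before using the cipher state. That caller and the rest of the function lie outside this hunk, so this is worth confirming there.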