development/pycrypto/pycrypto-CVE-2009-0544.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

diff -p -up pycrypto-2.0.1/src/ARC2.c.orig pycrypto-2.0.1/src/ARC2.c
--- pycrypto-2.0.1/src/ARC2.c.orig	2002-05-17 10:34:45.000000000 -0300
+++ pycrypto-2.0.1/src/ARC2.c	2009-02-20 13:50:28.000000000 -0300
@@ -11,6 +11,7 @@
  */
 
 #include <string.h>  
+#include "Python.h"
 
 #define MODULE_NAME ARC2
 #define BLOCK_SIZE 8
@@ -146,6 +147,12 @@ block_init(block_state *self, U8 *key, i
 	   We'll hardwire it to 1024. */
 #define bits 1024
 
+        if ((U32)keylength > sizeof(self->xkey)) {
+                PyErr_SetString(PyExc_ValueError,
+                                "ARC2 key length must be less than 128 bytes");
+                return;
+        }
+ 
 	memcpy(self->xkey, key, keylength);
   
 	/* Phase 1: Expand input key to 128 bytes */