[pycrypto] Buffer overflow in ARC2.new() with len(key) > 128 bytes
Dwayne C. Litzenberger
dlitz at dlitz.net
Fri Feb 6 18:39:14 CST 2009
Mike Wiacek from the Google Security Team pointed out a buffer overflow in
PyCrypto's ARC2 cipher module, which occurs when attempting to initialize
ARC2 with a key longer than 128 bytes.
The test case is at: http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d
The fix is at: http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b
Thanks, Mike!
--
Dwayne C. Litzenberger <dlitz at dlitz.net>
Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7
Annual key (2008) - 4B2A FD82 FC7D 9E38 38D9 179F 1C11 B877 E780 4B45
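Added example, not part of the original message and not PyCrypto's code: a C illustration of the bug class described above, where a caller-supplied key is copied into a fixed 128-byte key buffer, shown next to a variant that rejects out-of-range lengths before copying. The names rc2_ctx, rc2_init_unchecked, rc2_init_checked and the error codes are hypothetical; the 1..128 byte bound is the key-buffer size from RFC 2268.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 2268 defines the key buffer as L[0..127], so a key is 1..128 bytes. */
#define RC2_KEYBUF_LEN 128

enum { RC2_OK = 0, RC2_ERR_ARG = -1, RC2_ERR_KEYLEN = -2 };

/* Hypothetical context for this example, not PyCrypto's own struct. */
typedef struct {
    uint8_t keybuf[RC2_KEYBUF_LEN]; /* fixed-size destination for the user key */
    size_t  key_len;
} rc2_ctx;

/* Unsafe pattern, shown for contrast and never called here: the caller's
 * length is trusted, so key_len > 128 makes memcpy write past keybuf. */
int rc2_init_unchecked(rc2_ctx *ctx, const uint8_t *key, size_t key_len)
{
    memcpy(ctx->keybuf, key, key_len);
    ctx->key_len = key_len;
    return RC2_OK;
}

/* Checked variant: validate pointers and length before any byte is copied. */
int rc2_init_checked(rc2_ctx *ctx, const uint8_t *key, size_t key_len)
{
    if (ctx == NULL || key == NULL)
        return RC2_ERR_ARG;
    memset(ctx, 0, sizeof *ctx);
    if (key_len < 1 || key_len > RC2_KEYBUF_LEN)
        return RC2_ERR_KEYLEN;
    memcpy(ctx->keybuf, key, key_len);
    ctx->key_len = key_len;
    return RC2_OK;
}

int main(void)
{
    static const size_t lens[] = { 0, 1, 128, 129, 1024 }; /* constructed boundary cases */
    uint8_t key[1024];
    rc2_ctx ctx;
    memset(key, 0x41, sizeof key);
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("key_len=%4zu -> %d\n", lens[i], rc2_init_checked(&ctx, key, lens[i]));
    return 0;
}
```

The boundary lengths 128 and 129 are the ones a regression test for this kind of fix should pin down, along with the empty key.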