Merge in release25-maint r60793:

Added checks for integer overflows, contributed by Google. Some are only available if asserts are left in the code, in cases where they can't be triggered from Python code.
author: Gregory P. Smith <greg@mad-scientist.com> 2008-06-11 07:41:16 +0000
committer: Gregory P. Smith <greg@mad-scientist.com> 2008-06-11 07:41:16 +0000
commit: 55d04f9a23e995bfc74182374e4346d839a05c5d (patch)
tree: ec699208494810d2dd64ad20e56e34bf9829eb27 /Modules/md5.c
parent: ead1f7120c99a2b977c089039e00d35dd28de296 (diff)
download: cpython-55d04f9a23e995bfc74182374e4346d839a05c5d.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/Modules/md5.c b/Modules/md5.c
index c35d96c5ef..0e1058f5cc 100644
--- a/Modules/md5.c
+++ b/Modules/md5.c
@@ -53,6 +53,7 @@
 
 #include "md5.h"
 #include <string.h>
+#include <limits.h>
 
 #undef BYTE_ORDER	/* 1 = big-endian, -1 = little-endian, 0 = unknown */
 #ifdef ARCH_IS_BIG_ENDIAN
@@ -330,6 +331,18 @@ md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes)
     if (nbytes <= 0)
 	return;
 
+    /* this special case is handled recursively */
+    if (nbytes > INT_MAX - offset) {
+        int overlap;
+
+        /* handle the append in two steps to prevent overflow */
+        overlap = 64 - offset;
+
+        md5_append(pms, data, overlap);
+        md5_append(pms, data + overlap, nbytes - overlap); 
+        return;
+    }
+
     /* Update the message length. */
     pms->count[1] += nbytes >> 29;
     pms->count[0] += nbits;
author	Gregory P. Smith <greg@mad-scientist.com>	2008-06-11 07:41:16 +0000
committer	Gregory P. Smith <greg@mad-scientist.com>	2008-06-11 07:41:16 +0000
commit	55d04f9a23e995bfc74182374e4346d839a05c5d (patch)
tree	ec699208494810d2dd64ad20e56e34bf9829eb27 /Modules/md5.c
parent	ead1f7120c99a2b977c089039e00d35dd28de296 (diff)
download	cpython-55d04f9a23e995bfc74182374e4346d839a05c5d.tar.gz