1 |
The WhirlpoolAdd function did not consider zero-length input, so calls |
2 |
to update(b'') would produce out-of-bounds errors. This was not covered |
3 |
by any tests, because the constructor implicitly skipped the call to |
4 |
update on zero-length input. |
5 |
|
6 |
Add check for zero-length input to WhirlpoolAdd, and have the Whirlpool |
7 |
constructor skip calling update() only if arg is None. |
8 |
|
9 |
Closes: https://bugs.gentoo.org/846389 |
10 |
Signed-off-by: Thomas Bracht Laumann Jespersen <t@×××××××.xyz> |
11 |
--- |
12 |
PR on github: https://github.com/gentoo/portage/pull/832 |
13 |
|
14 |
lib/portage/util/whirlpool.py | 16 +++++++++++----- |
15 |
1 file changed, 11 insertions(+), 5 deletions(-) |
16 |
|
17 |
diff --git a/lib/portage/util/whirlpool.py b/lib/portage/util/whirlpool.py |
18 |
index de344d8eb..9178d70c7 100644 |
19 |
--- a/lib/portage/util/whirlpool.py |
20 |
+++ b/lib/portage/util/whirlpool.py |
21 |
@@ -37,11 +37,9 @@ class Whirlpool: |
22 |
may be provided; if present, this string will be automatically |
23 |
hashed.""" |
24 |
|
25 |
- def __init__(self, arg=None): |
26 |
+ def __init__(self, arg=b""): |
27 |
self.ctx = WhirlpoolStruct() |
28 |
- if arg: |
29 |
- self.update(arg) |
30 |
- self.digest_status = 0 |
31 |
+ self.update(arg) |
32 |
|
33 |
def update(self, arg): |
34 |
"""update(arg)""" |
35 |
@@ -71,7 +69,7 @@ class Whirlpool: |
36 |
return copy.deepcopy(self) |
37 |
|
38 |
|
39 |
-def new(init=None): |
40 |
+def new(init=b""): |
41 |
"""Return a new Whirlpool object. An optional string argument |
42 |
may be provided; if present, this string will be automatically |
43 |
hashed.""" |
44 |
@@ -2183,6 +2181,8 @@ def WhirlpoolInit(ctx): |
45 |
def WhirlpoolAdd(source, sourceBits, ctx): |
46 |
if not isinstance(source, bytes): |
47 |
raise TypeError("Expected %s, got %s" % (bytes, type(source))) |
48 |
+ if sourceBits == 0: |
49 |
+ return |
50 |
|
51 |
carry = 0 |
52 |
value = sourceBits |
53 |
@@ -2350,3 +2350,9 @@ if __name__ == "__main__": |
54 |
Whirlpool(b"").hexdigest() |
55 |
== "19fa61d75522a4669b44e39c1d2e1726c530232130d407f89afee0964997f7a73e83be698b288febcf88e3e03c4f0757ea8964e59b63d93708b138cc42a66eb3" |
56 |
) |
57 |
+ w = Whirlpool() |
58 |
+ w.update(b"") |
59 |
+ assert ( |
60 |
+ w.hexdigest() |
61 |
+ == "19fa61d75522a4669b44e39c1d2e1726c530232130d407f89afee0964997f7a73e83be698b288febcf88e3e03c4f0757ea8964e59b63d93708b138cc42a66eb3" |
62 |
+ ) |
63 |
-- |
64 |
2.35.1 |