]> granicus.if.org Git - python/commitdiff
Fixes Issue #3745: Fix hashlib to always reject unicode and non
authorGregory P. Smith <greg@mad-scientist.com>
Thu, 12 Feb 2009 07:35:29 +0000 (07:35 +0000)
committerGregory P. Smith <greg@mad-scientist.com>
Thu, 12 Feb 2009 07:35:29 +0000 (07:35 +0000)
buffer-api supporting objects as input no matter how it was compiled
(built in implementations or external openssl library).

Lib/test/test_hashlib.py
Misc/NEWS
Modules/_hashopenssl.c
Modules/hashlib.h [new file with mode: 0644]
Modules/md5module.c
Modules/sha1module.c
Modules/sha256module.c
Modules/sha512module.c

index e69c704f1f111a7cdc9ba3497da6ec7f370565b5..9b51459892ff4fd26d509b190b7919e7244f8289 100644 (file)
@@ -63,6 +63,18 @@ class HashLibTestCase(unittest.TestCase):
         computed = hashlib.new(name, data).hexdigest()
         self.assertEqual(computed, digest)
 
+    def check_no_unicode(self, algorithm_name):
+        # Unicode objects are not allowed as input.
+        self.assertRaises(TypeError, getattr(hashlib, algorithm_name), 'spam')
+        self.assertRaises(TypeError, hashlib.new, algorithm_name, 'spam')
+
+    def test_no_unicode(self):
+        self.check_no_unicode('md5')
+        self.check_no_unicode('sha1')
+        self.check_no_unicode('sha224')
+        self.check_no_unicode('sha256')
+        self.check_no_unicode('sha384')
+        self.check_no_unicode('sha512')
 
     def test_case_md5_0(self):
         self.check('md5', b'', 'd41d8cd98f00b204e9800998ecf8427e')
index 7f99d4532efe52557d23951c1779ed4413844121..c31c1a74bea206549074919ecbcc385cbe1468b6 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -491,6 +491,10 @@ C-API
 Extension Modules
 -----------------
 
+- Issue #3745: Fix hashlib to always reject unicode and non buffer-api
+  supporting objects as input no matter how it was compiled (built in
+  implementations or external openssl library).
+
 - Issue #4397: Fix occasional test_socket failure on OS X.
 
 - Issue #4279: Fix build of parsermodule under Cygwin.
index bd15b0195508c7cdb3e6f89c9ae3483c60baa43a..569d441c99e2129011fbefd8ffabe7cd2797c7b9 100644 (file)
@@ -15,6 +15,7 @@
 
 #include "Python.h"
 #include "structmember.h"
+#include "hashlib.h"
 
 /* EVP is the preferred interface to hashing in OpenSSL */
 #include <openssl/evp.h>
@@ -203,28 +204,6 @@ EVP_hexdigest(EVPobject *self, PyObject *unused)
     return retval;
 }
 
-#define MY_GET_BUFFER_VIEW_OR_ERROUT(obj, viewp) do { \
-        if (PyUnicode_Check((obj))) { \
-            PyErr_SetString(PyExc_TypeError, \
-                            "Unicode-objects must be encoded before hashing");\
-            return NULL; \
-        } \
-        if (!PyObject_CheckBuffer((obj))) { \
-            PyErr_SetString(PyExc_TypeError, \
-                            "object supporting the buffer API required"); \
-            return NULL; \
-        } \
-        if (PyObject_GetBuffer((obj), (viewp), PyBUF_SIMPLE) == -1) { \
-            return NULL; \
-        } \
-        if ((viewp)->ndim > 1) { \
-            PyErr_SetString(PyExc_BufferError, \
-                            "Buffer must be single dimension"); \
-            PyBuffer_Release((viewp)); \
-            return NULL; \
-        } \
-    } while(0);
-
 PyDoc_STRVAR(EVP_update__doc__,
 "Update this hash object's state with the provided string.");
 
@@ -237,7 +216,7 @@ EVP_update(EVPobject *self, PyObject *args)
     if (!PyArg_ParseTuple(args, "O:update", &obj))
         return NULL;
 
-    MY_GET_BUFFER_VIEW_OR_ERROUT(obj, &view);
+    GET_BUFFER_VIEW_OR_ERROUT(obj, &view);
 
 #ifdef WITH_THREAD
     if (self->lock == NULL && view.len >= HASHLIB_GIL_MINSIZE) {
@@ -344,7 +323,7 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds)
     }
 
     if (data_obj)
-        MY_GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
+        GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
 
     if (!PyArg_Parse(name_obj, "s", &nameStr)) {
         PyErr_SetString(PyExc_TypeError, "name must be a string");
@@ -507,7 +486,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict)
     }
 
     if (data_obj)
-        MY_GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
+        GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
 
     digest = EVP_get_digestbyname(name);
 
@@ -538,7 +517,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict)
         } \
      \
         if (data_obj) \
-            MY_GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); \
+            GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); \
      \
         ret_obj = EVPnew( \
                     CONST_ ## NAME ## _name_obj, \
diff --git a/Modules/hashlib.h b/Modules/hashlib.h
new file mode 100644 (file)
index 0000000..db39cea
--- /dev/null
@@ -0,0 +1,28 @@
+/* Common code for use by all hashlib related modules. */
+
+/*
+ * Given a PyObject* obj, fill in the Py_buffer* viewp with the result
+ * of PyObject_GetBuffer.  Sets and exception and issues a return NULL
+ * on any errors.
+ */
+#define GET_BUFFER_VIEW_OR_ERROUT(obj, viewp) do { \
+        if (PyUnicode_Check((obj))) { \
+            PyErr_SetString(PyExc_TypeError, \
+                            "Unicode-objects must be encoded before hashing");\
+            return NULL; \
+        } \
+        if (!PyObject_CheckBuffer((obj))) { \
+            PyErr_SetString(PyExc_TypeError, \
+                            "object supporting the buffer API required"); \
+            return NULL; \
+        } \
+        if (PyObject_GetBuffer((obj), (viewp), PyBUF_SIMPLE) == -1) { \
+            return NULL; \
+        } \
+        if ((viewp)->ndim > 1) { \
+            PyErr_SetString(PyExc_BufferError, \
+                            "Buffer must be single dimension"); \
+            PyBuffer_Release((viewp)); \
+            return NULL; \
+        } \
+    } while(0);
index 3d54131dec5a8429dc99513875fa3da0c349083e..ac98433831c9b75f0a2e32cc02a5fa8a000b7a52 100644 (file)
@@ -17,6 +17,7 @@
 /* MD5 objects */
 
 #include "Python.h"
+#include "hashlib.h"
 
 
 /* Some useful types */
@@ -411,11 +412,14 @@ PyDoc_STRVAR(MD5_update__doc__,
 static PyObject *
 MD5_update(MD5object *self, PyObject *args)
 {
+    PyObject *obj;
     Py_buffer buf;
  
-    if (!PyArg_ParseTuple(args, "s*:update", &buf))
+    if (!PyArg_ParseTuple(args, "O:update", &obj))
         return NULL;
 
+    GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
+
     md5_process(&self->hash_state, buf.buf, buf.len);
 
     PyBuffer_Release(&buf);
@@ -511,14 +515,17 @@ MD5_new(PyObject *self, PyObject *args, PyObject *kwdict)
 {
     static char *kwlist[] = {"string", NULL};
     MD5object *new;
+    PyObject *data_obj = NULL;
     Py_buffer buf;
-    buf.buf = NULL;
 
-    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|s*:new", kwlist,
-                                     &buf)) {
+    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|O:new", kwlist,
+                                     &data_obj)) {
         return NULL;
     }
 
+    if (data_obj)
+        GET_BUFFER_VIEW_OR_ERROUT(data_obj, &buf);
+
     if ((new = newMD5object()) == NULL)
         return NULL;
 
@@ -528,7 +535,7 @@ MD5_new(PyObject *self, PyObject *args, PyObject *kwdict)
         Py_DECREF(new);
         return NULL;
     }
-    if (buf.buf) {
+    if (data_obj) {
         md5_process(&new->hash_state, buf.buf, buf.len);
        PyBuffer_Release(&buf);
     }
index 4d8ed1db9da87f20ae95f1e84d18f37fd5bb1f52..a7f6ad2cba624991f9e8ca57cc546bcf92f299c3 100644 (file)
@@ -17,6 +17,7 @@
 /* SHA1 objects */
 
 #include "Python.h"
+#include "hashlib.h"
 
 
 /* Some useful types */
@@ -387,11 +388,14 @@ PyDoc_STRVAR(SHA1_update__doc__,
 static PyObject *
 SHA1_update(SHA1object *self, PyObject *args)
 {
+    PyObject *obj;
     Py_buffer buf;
 
-    if (!PyArg_ParseTuple(args, "s*:update", &buf))
+    if (!PyArg_ParseTuple(args, "O:update", &obj))
         return NULL;
 
+    GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
+
     sha1_process(&self->hash_state, buf.buf, buf.len);
 
     PyBuffer_Release(&buf);
@@ -487,14 +491,17 @@ SHA1_new(PyObject *self, PyObject *args, PyObject *kwdict)
 {
     static char *kwlist[] = {"string", NULL};
     SHA1object *new;
+    PyObject *data_obj = NULL;
     Py_buffer buf;
-    buf.buf = NULL;
 
-    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|s*:new", kwlist,
-                                     &buf)) {
+    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|O:new", kwlist,
+                                     &data_obj)) {
         return NULL;
     }
 
+    if (data_obj)
+        GET_BUFFER_VIEW_OR_ERROUT(data_obj, &buf);
+
     if ((new = newSHA1object()) == NULL)
         return NULL;
 
@@ -504,7 +511,7 @@ SHA1_new(PyObject *self, PyObject *args, PyObject *kwdict)
         Py_DECREF(new);
         return NULL;
     }
-    if (buf.buf) {
+    if (data_obj) {
         sha1_process(&new->hash_state, buf.buf, buf.len);
        PyBuffer_Release(&buf);
     }
index 523f528876a96120d173a7d5e67290be5d885d37..c653416fbe637f43824d9895ea69901cefb59854 100644 (file)
@@ -18,6 +18,7 @@
 
 #include "Python.h"
 #include "structmember.h"
+#include "hashlib.h"
 
 
 /* Endianness testing and definitions */
@@ -480,14 +481,17 @@ PyDoc_STRVAR(SHA256_update__doc__,
 static PyObject *
 SHA256_update(SHAobject *self, PyObject *args)
 {
-    unsigned char *cp;
-    int len;
+    PyObject *obj;
+    Py_buffer buf;
 
-    if (!PyArg_ParseTuple(args, "s#:update", &cp, &len))
+    if (!PyArg_ParseTuple(args, "O:update", &obj))
         return NULL;
 
-    sha_update(self, cp, len);
+    GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
 
+    sha_update(self, buf.buf, buf.len);
+
+    PyBuffer_Release(&buf);
     Py_INCREF(Py_None);
     return Py_None;
 }
@@ -614,14 +618,17 @@ SHA256_new(PyObject *self, PyObject *args, PyObject *kwdict)
 {
     static char *kwlist[] = {"string", NULL};
     SHAobject *new;
-    unsigned char *cp = NULL;
-    int len;
+    PyObject *data_obj = NULL;
+    Py_buffer buf;
 
-    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|s#:new", kwlist,
-                                     &cp, &len)) {
+    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|O:new", kwlist,
+                                     &data_obj)) {
         return NULL;
     }
 
+    if (data_obj)
+        GET_BUFFER_VIEW_OR_ERROUT(data_obj, &buf);
+
     if ((new = newSHA256object()) == NULL)
         return NULL;
 
@@ -631,8 +638,10 @@ SHA256_new(PyObject *self, PyObject *args, PyObject *kwdict)
         Py_DECREF(new);
         return NULL;
     }
-    if (cp)
-        sha_update(new, cp, len);
+    if (data_obj) {
+        sha_update(new, buf.buf, buf.len);
+        PyBuffer_Release(&buf);
+    }
 
     return (PyObject *)new;
 }
@@ -645,14 +654,17 @@ SHA224_new(PyObject *self, PyObject *args, PyObject *kwdict)
 {
     static char *kwlist[] = {"string", NULL};
     SHAobject *new;
-    unsigned char *cp = NULL;
-    int len;
+    PyObject *data_obj = NULL;
+    Py_buffer buf;
 
-    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|s#:new", kwlist,
-                                     &cp, &len)) {
+    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|O:new", kwlist,
+                                     &data_obj)) {
         return NULL;
     }
 
+    if (data_obj)
+        GET_BUFFER_VIEW_OR_ERROUT(data_obj, &buf);
+
     if ((new = newSHA224object()) == NULL)
         return NULL;
 
@@ -662,8 +674,10 @@ SHA224_new(PyObject *self, PyObject *args, PyObject *kwdict)
         Py_DECREF(new);
         return NULL;
     }
-    if (cp)
-        sha_update(new, cp, len);
+    if (data_obj) {
+        sha_update(new, buf.buf, buf.len);
+        PyBuffer_Release(&buf);
+    }
 
     return (PyObject *)new;
 }
index 7d67a23b79805d94147a98d0aa9267da3e97e55a..17e417e76a8f03a5f6eefc4c350716b5d0eca141 100644 (file)
@@ -18,6 +18,7 @@
 
 #include "Python.h"
 #include "structmember.h"
+#include "hashlib.h"
 
 #ifdef PY_LONG_LONG /* If no PY_LONG_LONG, don't compile anything! */
 
@@ -546,14 +547,17 @@ PyDoc_STRVAR(SHA512_update__doc__,
 static PyObject *
 SHA512_update(SHAobject *self, PyObject *args)
 {
-    unsigned char *cp;
-    int len;
+    PyObject *obj;
+    Py_buffer buf;
 
-    if (!PyArg_ParseTuple(args, "s#:update", &cp, &len))
+    if (!PyArg_ParseTuple(args, "O:update", &obj))
         return NULL;
 
-    sha512_update(self, cp, len);
+    GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
 
+    sha512_update(self, buf.buf, buf.len);
+
+    PyBuffer_Release(&buf);
     Py_INCREF(Py_None);
     return Py_None;
 }
@@ -680,14 +684,17 @@ SHA512_new(PyObject *self, PyObject *args, PyObject *kwdict)
 {
     static char *kwlist[] = {"string", NULL};
     SHAobject *new;
-    unsigned char *cp = NULL;
-    int len;
+    PyObject *data_obj = NULL;
+    Py_buffer buf;
 
-    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|s#:new", kwlist,
-                                     &cp, &len)) {
+    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|O:new", kwlist,
+                                     &data_obj)) {
         return NULL;
     }
 
+    if (data_obj)
+        GET_BUFFER_VIEW_OR_ERROUT(data_obj, &buf);
+
     if ((new = newSHA512object()) == NULL)
         return NULL;
 
@@ -697,8 +704,10 @@ SHA512_new(PyObject *self, PyObject *args, PyObject *kwdict)
         Py_DECREF(new);
         return NULL;
     }
-    if (cp)
-        sha512_update(new, cp, len);
+    if (data_obj) {
+        sha512_update(new, buf.buf, buf.len);
+        PyBuffer_Release(&buf);
+    }
 
     return (PyObject *)new;
 }
@@ -711,14 +720,17 @@ SHA384_new(PyObject *self, PyObject *args, PyObject *kwdict)
 {
     static char *kwlist[] = {"string", NULL};
     SHAobject *new;
-    unsigned char *cp = NULL;
-    int len;
+    PyObject *data_obj = NULL;
+    Py_buffer buf;
 
-    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|s#:new", kwlist,
-                                     &cp, &len)) {
+    if (!PyArg_ParseTupleAndKeywords(args, kwdict, "|O:new", kwlist,
+                                     &data_obj)) {
         return NULL;
     }
 
+    if (data_obj)
+        GET_BUFFER_VIEW_OR_ERROUT(data_obj, &buf);
+
     if ((new = newSHA384object()) == NULL)
         return NULL;
 
@@ -728,8 +740,10 @@ SHA384_new(PyObject *self, PyObject *args, PyObject *kwdict)
         Py_DECREF(new);
         return NULL;
     }
-    if (cp)
-        sha512_update(new, cp, len);
+    if (data_obj) {
+        sha512_update(new, buf.buf, buf.len);
+        PyBuffer_Release(&buf);
+    }
 
     return (PyObject *)new;
 }