[issue34922] hashlib segmentation fault

Ned Deily added the comment: Since there has been no further discussion on this since the fixes were pushed over a year ago, I am declaring this issue resolved. Thanks for everyone's help! -- assignee: ned.deily -> resolution: -> fixed stage: patch review -> resolved status: open

[issue34922] hashlib segmentation fault

Ned Deily added the comment: Serhiy's fixes (thanks!) are now released in 3.7.0rc2 and 3.6.7rc2 so I'm removing the "release blocker" status. If there is nothing more to be done for this issue, can we close it? shuoz: > oh brother, maybe this worth open a cve. Note that Serhiy believes

[issue34922] hashlib segmentation fault

shuoz added the comment: oh brother, maybe this worth open a cve. -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue34922] hashlib segmentation fault

Serhiy Storchaka added the comment: Since it is tagged as a release blocker, I think that only Ned can close it. Personally I don't think that this issue is a security issue. digest() and hexdigest() argument usually is a constant. It is unlikely that the crash can be triggered by user

[issue34922] hashlib segmentation fault

Terry J. Reedy added the comment: Should this be closed as fixed? -- nosy: +terry.reedy ___ Python tracker ___ ___

[issue34922] hashlib segmentation fault

Serhiy Storchaka added the comment: New changeset 69e6ad6cdfa28a7b8e7b8780b07dfcdbfb0e7030 by Serhiy Storchaka (Miss Islington (bot)) in branch '3.6': [3.6] bpo-34922: Fix integer overflow in the digest() and hexdigest() methods (GH-9751) (GH-9798) (GH-9801)

[issue34922] hashlib segmentation fault

Serhiy Storchaka added the comment: New changeset 8b040e55395b37bdb8fd4ec85a270cfc9ec95307 by Serhiy Storchaka in branch '3.7': [3.7] bpo-34922: Fix integer overflow in the digest() and hexdigest() methods (GH-9751) (GH-9798)

[issue34922] hashlib segmentation fault

Change by miss-islington : -- pull_requests: +9184 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue34922] hashlib segmentation fault

Change by Serhiy Storchaka : -- pull_requests: +9183 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue34922] hashlib segmentation fault

Serhiy Storchaka added the comment: New changeset 9b8c2e767643256202bb11456ba8665593b9a500 by Serhiy Storchaka in branch 'master': bpo-34922: Fix integer overflow in the digest() and hexdigest() methods (GH-9751)

[issue34922] hashlib segmentation fault

Change by miss-islington : -- pull_requests: +9182 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue34922] hashlib segmentation fault

Ned Deily added the comment: We've reached the cutoff point for 3.7.1rc2 and 3.6.7rc2 and I don't see a PR or a resolution of this for either branch yet. If there's a chance for merged PRs in the next couple of hours, I'll wait a bit longer but otherwise these fixes will have to wait.

[issue34922] hashlib segmentation fault

shuoz added the comment: I send this to secur...@python.org. Victor Stinner response me. "import hashlib; hashlib.shake_128().hexdigest((-1)&2**64-1)" can crash python3.7 and master ``` fan@fan:~/github/new$ ./py3.7/bin/python3 Python 3.7.1rc1+ (heads/3.7:c59e75c, Oct 8 2018, 08:53:13)

[issue34922] hashlib segmentation fault

Change by Serhiy Storchaka : -- nosy: +vstinner ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue34922] hashlib segmentation fault

Serhiy Storchaka added the comment: The original crash is nor reproducible in 3.7 and master, but Victor found other example that causes a crash in 3.7 and master. import hashlib; hashlib.shake_128().hexdigest(2*64-10) Use 2*32-10 on 32-bit platforms. I suppose that passing 2**29 on

[issue34922] hashlib segmentation fault

Change by Serhiy Storchaka : -- keywords: +patch pull_requests: +9138 stage: -> patch review ___ Python tracker ___ ___

[issue34922] hashlib segmentation fault

Change by Serhiy Storchaka : -- assignee: -> serhiy.storchaka components: +Extension Modules -Demos and Tools type: security -> crash versions: +Python 3.7, Python 3.8 ___ Python tracker

[issue34922] hashlib segmentation fault

Ned Deily added the comment: No problem; that's something to watch out for when you get an update conflict message from the bug tracker! Regarding this issue, I believe Serhiy is going to do a PR but perhaps you can work with him on providing the test case. --

[issue34922] hashlib segmentation fault

Karthikeyan Singaravelan added the comment: Sorry Ned, my comment seems to have changed the priority while submitting the comment. I would also propose adding the attached report as a unit test. -- ___ Python tracker

[issue34922] hashlib segmentation fault

Change by Ned Deily : -- priority: normal -> release blocker ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue34922] hashlib segmentation fault

Karthikeyan Singaravelan added the comment: Thanks for the report. Interesting, this is not reproducible on master and latest 3.7 branches though both have different errors but reproducible in latest 3.6 and v3.7.0 . As Ned noted this seems to have been fixed with issue33729 but still there

[issue34922] hashlib segmentation fault

Ned Deily added the comment: See also Issue33729. We need this addressed for 3.6.7. -- nosy: +christian.heimes, ned.deily, serhiy.storchaka priority: normal -> release blocker ___ Python tracker

[issue34922] hashlib segmentation fault

Change by Karthikeyan Singaravelan : -- nosy: +xtreak ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue34922] hashlib segmentation fault

New submission from shuoz : python hashlib a signd overflow maybe cause a memory over read. python version: Python 3.6.7rc1+ (heads/3.6:cb0bec3, Oct 1 2018, 02:19:39) [GCC 7.3.0] on linux Type "help", "copyright", "credits" or "license" for more information. ```