dev-lang/python/files/python-3.6.12-CVE-2022-37454.patch - third_party/overlays/chromiumos-overlay - Git at Google

 From 8088c90044ba04cd5624b278340ebf934dbee4a5 Mon Sep 17 00:00:00 2001
 From: "Miss Islington (bot)"
  <31488909+miss-islington@users.noreply.github.com>
 Date: Fri, 21 Oct 2022 20:37:54 -0700
 Subject: [PATCH] [3.7] gh-98517: Fix buffer overflows in _sha3 module
  (GH-98519) (GH-98528)

 This is a port of the applicable part of XKCP's fix [1] for
 CVE-2022-37454 and avoids the segmentation fault and the infinite
 loop in the test cases published in [2].

 [1]: https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
 [2]: https://mouha.be/sha-3-buffer-overflow/

 Regression test added by: Gregory P. Smith [Google LLC] <greg@krypto.org>
 (cherry picked from commit 0e4e058602d93b88256ff90bbef501ba20be9dd3)

 Co-authored-by: Theo Buehler <botovq@users.noreply.github.com>
 ---
  Lib/test/test_hashlib.py                          |  9 +++++++++
  .../2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst |  1 +
  Modules/_sha3/kcp/KeccakSponge.inc                | 15 ++++++++-------
  3 files changed, 18 insertions(+), 7 deletions(-)
  create mode 100644 Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst

 diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
 index fc0649d670d2..2bf96de4e0e7 100644
 --- a/Lib/test/test_hashlib.py
 +++ b/Lib/test/test_hashlib.py
 @@ -415,6 +415,15 @@ def test_case_md5_huge(self, size):
      def test_case_md5_uintmax(self, size):
          self.check('md5', b'A'*size, '28138d306ff1b8281f1a9067e1a1a2b3')

 +    @unittest.skipIf(sys.maxsize < _4G - 1, 'test cannot run on 32-bit systems')
 +    @bigmemtest(size=_4G - 1, memuse=1, dry_run=False)
 +    def test_sha3_update_overflow(self, size):
 +        """Regression test for gh-98517 CVE-2022-37454."""
 +        h = hashlib.sha3_224()
 +        h.update(b'\x01')
 +        h.update(b'\x01'*0xffff_ffff)
 +        self.assertEqual(h.hexdigest(), '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed')
 +
      # use the three examples from Federal Information Processing Standards
      # Publication 180-1, Secure Hash Standard,  1995 April 17
      # http://www.itl.nist.gov/div897/pubs/fip180-1.htm
 diff --git a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
 new file mode 100644
 index 000000000000..2d23a6ad93c7
 --- /dev/null
 +++ b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
 @@ -0,0 +1 @@
 +Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454).
 diff --git a/Modules/_sha3/kcp/KeccakSponge.inc b/Modules/_sha3/kcp/KeccakSponge.inc
 index e10739deafa8..cf92e4db4d36 100644
 --- a/Modules/_sha3/kcp/KeccakSponge.inc
 +++ b/Modules/_sha3/kcp/KeccakSponge.inc
 @@ -171,7 +171,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
      i = 0;
      curData = data;
      while(i < dataByteLen) {
 -        if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) {
 +        if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
  #ifdef SnP_FastLoop_Absorb
              /* processing full blocks first */

 @@ -199,10 +199,10 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
          }
          else {
              /* normal lane: using the message queue */
 -
 -            partialBlock = (unsigned int)(dataByteLen - i);
 -            if (partialBlock+instance->byteIOIndex > rateInBytes)
 +            if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
                  partialBlock = rateInBytes-instance->byteIOIndex;
 +            else
 +                partialBlock = (unsigned int)(dataByteLen - i);
              #ifdef KeccakReference
              displayBytes(1, "Block to be absorbed (part)", curData, partialBlock);
              #endif
 @@ -281,7 +281,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
      i = 0;
      curData = data;
      while(i < dataByteLen) {
 -        if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) {
 +        if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) {
              for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) {
                  SnP_Permute(instance->state);
                  SnP_ExtractBytes(instance->state, curData, 0, rateInBytes);
 @@ -299,9 +299,10 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
                  SnP_Permute(instance->state);
                  instance->byteIOIndex = 0;
              }
 -            partialBlock = (unsigned int)(dataByteLen - i);
 -            if (partialBlock+instance->byteIOIndex > rateInBytes)
 +            if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
                  partialBlock = rateInBytes-instance->byteIOIndex;
 +            else
 +                partialBlock = (unsigned int)(dataByteLen - i);
              i += partialBlock;

              SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock);
	From 8088c90044ba04cd5624b278340ebf934dbee4a5 Mon Sep 17 00:00:00 2001
	From: "Miss Islington (bot)"
	<31488909+miss-islington@users.noreply.github.com>
	Date: Fri, 21 Oct 2022 20:37:54 -0700
	Subject: [PATCH] [3.7] gh-98517: Fix buffer overflows in _sha3 module
	(GH-98519) (GH-98528)

	This is a port of the applicable part of XKCP's fix [1] for
	CVE-2022-37454 and avoids the segmentation fault and the infinite
	loop in the test cases published in [2].

	[1]: https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
	[2]: https://mouha.be/sha-3-buffer-overflow/

	Regression test added by: Gregory P. Smith [Google LLC] <greg@krypto.org>
	(cherry picked from commit 0e4e058602d93b88256ff90bbef501ba20be9dd3)

	Co-authored-by: Theo Buehler <botovq@users.noreply.github.com>
	---
	Lib/test/test_hashlib.py \| 9 +++++++++
	.../2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst \| 1 +
	Modules/_sha3/kcp/KeccakSponge.inc \| 15 ++++++++-------
	3 files changed, 18 insertions(+), 7 deletions(-)
	create mode 100644 Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst

	diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
	index fc0649d670d2..2bf96de4e0e7 100644
	--- a/Lib/test/test_hashlib.py
	+++ b/Lib/test/test_hashlib.py
	@@ -415,6 +415,15 @@ def test_case_md5_huge(self, size):
	def test_case_md5_uintmax(self, size):
	self.check('md5', b'A'*size, '28138d306ff1b8281f1a9067e1a1a2b3')

	+ @unittest.skipIf(sys.maxsize < _4G - 1, 'test cannot run on 32-bit systems')
	+ @bigmemtest(size=_4G - 1, memuse=1, dry_run=False)
	+ def test_sha3_update_overflow(self, size):
	+ """Regression test for gh-98517 CVE-2022-37454."""
	+ h = hashlib.sha3_224()
	+ h.update(b'\x01')
	+ h.update(b'\x01'*0xffff_ffff)
	+ self.assertEqual(h.hexdigest(), '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed')
	+
	# use the three examples from Federal Information Processing Standards
	# Publication 180-1, Secure Hash Standard, 1995 April 17
	# http://www.itl.nist.gov/div897/pubs/fip180-1.htm
	diff --git a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
	new file mode 100644
	index 000000000000..2d23a6ad93c7
	--- /dev/null
	+++ b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
	@@ -0,0 +1 @@
	+Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454).
	diff --git a/Modules/_sha3/kcp/KeccakSponge.inc b/Modules/_sha3/kcp/KeccakSponge.inc
	index e10739deafa8..cf92e4db4d36 100644
	--- a/Modules/_sha3/kcp/KeccakSponge.inc
	+++ b/Modules/_sha3/kcp/KeccakSponge.inc
	@@ -171,7 +171,7 @@ int SpongeAbsorb(SpongeInstance instance, const unsigned char data, size_t dat
	i = 0;
	curData = data;
	while(i < dataByteLen) {
	- if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) {
	+ if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
	#ifdef SnP_FastLoop_Absorb
	/* processing full blocks first */

	@@ -199,10 +199,10 @@ int SpongeAbsorb(SpongeInstance instance, const unsigned char data, size_t dat
	}
	else {
	/* normal lane: using the message queue */
	-
	- partialBlock = (unsigned int)(dataByteLen - i);
	- if (partialBlock+instance->byteIOIndex > rateInBytes)
	+ if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
	partialBlock = rateInBytes-instance->byteIOIndex;
	+ else
	+ partialBlock = (unsigned int)(dataByteLen - i);
	#ifdef KeccakReference
	displayBytes(1, "Block to be absorbed (part)", curData, partialBlock);
	#endif
	@@ -281,7 +281,7 @@ int SpongeSqueeze(SpongeInstance instance, unsigned char data, size_t dataByte
	i = 0;
	curData = data;
	while(i < dataByteLen) {
	- if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) {
	+ if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) {
	for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) {
	SnP_Permute(instance->state);
	SnP_ExtractBytes(instance->state, curData, 0, rateInBytes);
	@@ -299,9 +299,10 @@ int SpongeSqueeze(SpongeInstance instance, unsigned char data, size_t dataByte
	SnP_Permute(instance->state);
	instance->byteIOIndex = 0;
	}
	- partialBlock = (unsigned int)(dataByteLen - i);
	- if (partialBlock+instance->byteIOIndex > rateInBytes)
	+ if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
	partialBlock = rateInBytes-instance->byteIOIndex;
	+ else
	+ partialBlock = (unsigned int)(dataByteLen - i);
	i += partialBlock;

	SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock);