Merge in release25-maint r60793: Added checks for integer overflows, contributed by Google. Some are only available if asserts are left in the code, in cases where they can't be triggered from Python code.

commit: 9d53457e599623fbad90833c3448835b42d7e7f9 [log] [tgz]
author: Gregory P. Smith <greg@mad-scientist.com> Wed Jun 11 07:41:16 2008 +0000
committer: Gregory P. Smith <greg@mad-scientist.com> Wed Jun 11 07:41:16 2008 +0000
tree: 41d37b556618eb8e831463c576d854063a33d77b
parent: 73baefd7fc86a7f8336e4142efcec74c201acf8f [diff] [blame]
diff --git a/Modules/md5.c b/Modules/md5.c
index c35d96c..0e1058f 100644
--- a/Modules/md5.c
+++ b/Modules/md5.c

@@ -53,6 +53,7 @@
 
 #include "md5.h"
 #include <string.h>
+#include <limits.h>
 
 #undef BYTE_ORDER	/* 1 = big-endian, -1 = little-endian, 0 = unknown */
 #ifdef ARCH_IS_BIG_ENDIAN
@@ -330,6 +331,18 @@
     if (nbytes <= 0)
 	return;
 
+    /* this special case is handled recursively */
+    if (nbytes > INT_MAX - offset) {
+        int overlap;
+
+        /* handle the append in two steps to prevent overflow */
+        overlap = 64 - offset;
+
+        md5_append(pms, data, overlap);
+        md5_append(pms, data + overlap, nbytes - overlap); 
+        return;
+    }
+
     /* Update the message length. */
     pms->count[1] += nbytes >> 29;
     pms->count[0] += nbits;
commit	9d53457e599623fbad90833c3448835b42d7e7f9	[log] [tgz]
author	Gregory P. Smith <greg@mad-scientist.com>	Wed Jun 11 07:41:16 2008 +0000
committer	Gregory P. Smith <greg@mad-scientist.com>	Wed Jun 11 07:41:16 2008 +0000
tree	41d37b556618eb8e831463c576d854063a33d77b
parent	73baefd7fc86a7f8336e4142efcec74c201acf8f [diff] [blame]