commit e78960fa8c2a210484695bf2e20c4847313cf5a0
author Alex Gaynor <alex.gaynor@gmail.com> Fri Dec 20 11:02:33 2013 -0800
committer Alex Gaynor <alex.gaynor@gmail.com> Fri Dec 20 11:02:33 2013 -0800
tree cd5760d1da82cac45de7c5ac8e21164d1e92ee04
parent 05515723738870170b05b47ee260564b9ebe62f9

Handle invalid timestamp length

cryptography/fernet.py

diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index 10698f2..b59f6a9 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -94,7 +94,10 @@
         if six.indexbytes(data, 0) != 0x80:
             raise InvalidToken
 
-        timestamp = struct.unpack(">Q", data[1:9])[0]
+        try:
+            timestamp, = struct.unpack(">Q", data[1:9])
+        except struct.error:
+            raise InvalidToken
         iv = data[9:25]
         ciphertext = data[25:-32]
         if ttl is not None:

tests/test_fernet.py

diff --git a/tests/test_fernet.py b/tests/test_fernet.py
index 7766118..45188c4 100644
--- a/tests/test_fernet.py
+++ b/tests/test_fernet.py
@@ -74,6 +74,11 @@
         with pytest.raises(InvalidToken):
             f.decrypt(base64.urlsafe_b64encode(b"\x81"))
 
+    def test_timestamp_too_short(self, backend):
+        f = Fernet(Fernet.generate_key(), backend=backend)
+        with pytest.raises(InvalidToken):
+            f.decrypt(base64.urlsafe_b64encode(b"\x80abc"))
+
     def test_unicode(self, backend):
         f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend)
         with pytest.raises(TypeError):