Skip to content

Commit

Permalink
changelog + security fix backport (#8231)
Browse files Browse the repository at this point in the history 
* Don't allow update_into to mutate immutable objects (#8230)

* add changelog for 39.0.1

* oops

* bump versions

* remove circle

---------

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
  • Loading branch information
@reaperhulk @alex
reaperhulk and alex committed Feb 7, 2023
1 parent 138da90 commit d6951dc
Show file tree
Hide file tree
Showing 5 changed files with 20 additions and 3 deletions.
9 changes: 9 additions & 0 deletions CHANGELOG.rst
View file
@@ -1,6 +1,15 @@
Changelog
=========

.. _v39-0-1:

39.0.1 - 2023-02-07
~~~~~~~~~~~~~~~~~~~

* **SECURITY ISSUE** - Fixed a bug where ``Cipher.update_into`` accepted Python
buffer protocol objects, but allowed immutable buffers. **CVE-2023-23931**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.8.

.. _v39-0-0:

39.0.0 - 2023-01-01
Expand Down
2 changes: 1 addition & 1 deletion src/cryptography/__about__.py
View file
Expand Up @@ -9,7 +9,7 @@
"__copyright__",
]

__version__ = "39.0.0"
__version__ = "39.0.1"

__author__ = "The Python Cryptographic Authority and individual contributors"
__copyright__ = "Copyright 2013-2022 {}".format(__author__)
2 changes: 1 addition & 1 deletion src/cryptography/hazmat/backends/openssl/ciphers.py
View file
Expand Up @@ -156,7 +156,7 @@ def update_into(self, data: bytes, buf: bytes) -> int:
data_processed = 0
total_out = 0
outlen = self._backend._ffi.new("int *")
baseoutbuf = self._backend._ffi.from_buffer(buf)
baseoutbuf = self._backend._ffi.from_buffer(buf, require_writable=True)
baseinbuf = self._backend._ffi.from_buffer(data)

while data_processed != total_data_len:
Expand Down
8 changes: 8 additions & 0 deletions tests/hazmat/primitives/test_ciphers.py
View file
Expand Up @@ -318,6 +318,14 @@ def test_update_into_buffer_too_small(self, backend):
with pytest.raises(ValueError):
encryptor.update_into(b"testing", buf)

def test_update_into_immutable(self, backend):
key = b"\x00" * 16
c = ciphers.Cipher(AES(key), modes.ECB(), backend)
encryptor = c.encryptor()
buf = b"\x00" * 32
with pytest.raises((TypeError, BufferError)):
encryptor.update_into(b"testing", buf)

@pytest.mark.supported(
only_if=lambda backend: backend.cipher_supported(
AES(b"\x00" * 16), modes.GCM(b"\x00" * 12)
Expand Down
2 changes: 1 addition & 1 deletion vectors/cryptography_vectors/__about__.py
View file
Expand Up @@ -6,4 +6,4 @@
"__version__",
]

__version__ = "39.0.0"
__version__ = "39.0.1"

2 comments on commit d6951dc

@rmarviila
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the fixing related as: * Pyca Cryptography Vulnerable to Memory Corruption via 'update_into' Function *
Black Duck reference: BLACKDUCK - BDSA-2023-0242
Black Duck endpoint: https://blackduck.aa.com/api/vulnerabilities/BDSA-2023-0242/technical

@rmarviila
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the fixing related as: * Pyca Cryptography Vulnerable to Memory Corruption via 'update_into' Function *
Black Duck reference: BLACKDUCK - BDSA-2023-0242
Black Duck endpoint: https://blackduck.aa.com/api/vulnerabilities/BDSA-2023-0242/technical

Please sign in to comment.