commit: 1f33f97b9e9c132d77d586d10bfe6ba0d3123050 Author: Thomas Bracht Laumann Jespersen <t <AT> laumann <DOT> xyz> AuthorDate: Thu May 19 09:50:05 2022 +0000 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> CommitDate: Sat May 21 10:11:50 2022 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=1f33f97b
lib/portage/util: fix bundled whirlpool on empty bytestring input The WhirlpoolAdd function did not consider zero-length input, so calls to update(b'') would produce out-of-bounds errors. This was not covered by any tests, because the constructor implicitly skipped the call to update on zero-length input. Add check for zero-length input to WhirlpoolAdd, and have the Whirlpool constructor skip calling update() only if arg is None. Closes: https://bugs.gentoo.org/846389 Signed-off-by: Thomas Bracht Laumann Jespersen <t <AT> laumann.xyz> Closes: https://github.com/gentoo/portage/pull/832 Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> lib/portage/util/whirlpool.py | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/lib/portage/util/whirlpool.py b/lib/portage/util/whirlpool.py index de344d8eb..9178d70c7 100644 --- a/lib/portage/util/whirlpool.py +++ b/lib/portage/util/whirlpool.py @@ -37,11 +37,9 @@ class Whirlpool: may be provided; if present, this string will be automatically hashed.""" - def __init__(self, arg=None): + def __init__(self, arg=b""): self.ctx = WhirlpoolStruct() - if arg: - self.update(arg) - self.digest_status = 0 + self.update(arg) def update(self, arg): """update(arg)""" @@ -71,7 +69,7 @@ class Whirlpool: return copy.deepcopy(self) -def new(init=None): +def new(init=b""): """Return a new Whirlpool object. An optional string argument may be provided; if present, this string will be automatically hashed.""" @@ -2183,6 +2181,8 @@ def WhirlpoolInit(ctx): def WhirlpoolAdd(source, sourceBits, ctx): if not isinstance(source, bytes): raise TypeError("Expected %s, got %s" % (bytes, type(source))) + if sourceBits == 0: + return carry = 0 value = sourceBits @@ -2350,3 +2350,9 @@ if __name__ == "__main__": Whirlpool(b"").hexdigest() == "19fa61d75522a4669b44e39c1d2e1726c530232130d407f89afee0964997f7a73e83be698b288febcf88e3e03c4f0757ea8964e59b63d93708b138cc42a66eb3" ) + w = Whirlpool() + w.update(b"") + assert ( + w.hexdigest() + == "19fa61d75522a4669b44e39c1d2e1726c530232130d407f89afee0964997f7a73e83be698b288febcf88e3e03c4f0757ea8964e59b63d93708b138cc42a66eb3" + )
