Merge pull request #238 from alex/padding-only-fixes

Fixed two bugs in the PKCS7 padding where unpadding would accept bad inputs
author: Hynek Schlawack <hs@ox.cx> 2013-11-09 07:13:52 -0800
committer: Hynek Schlawack <hs@ox.cx> 2013-11-09 07:13:52 -0800
commit: df52fa9d388c2fc7d721c0fba5ca21ec88a01a15 (patch)
tree: f44dda3b7c2d612dc8dfbcf1a63edb411e466b98 /cryptography
parent: 323faa72138f2e9c5249d9a42e7f42d741aec873 (diff)
parent: 715e85f3f39a2b8f50ae810ba86d64af30e13c56 (diff)
download: cryptography-df52fa9d388c2fc7d721c0fba5ca21ec88a01a15.tar.gz
cryptography-df52fa9d388c2fc7d721c0fba5ca21ec88a01a15.tar.bz2
cryptography-df52fa9d388c2fc7d721c0fba5ca21ec88a01a15.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py
index ddcadd89..eac18c2a 100644
--- a/cryptography/hazmat/primitives/padding.py
+++ b/cryptography/hazmat/primitives/padding.py
@@ -101,12 +101,12 @@ class _PKCS7UnpaddingContext(object):
         if self._buffer is None:
             raise ValueError("Context was already finalized")
 
-        if not self._buffer:
+        if len(self._buffer) != self.block_size // 8:
             raise ValueError("Invalid padding bytes")
 
         pad_size = six.indexbytes(self._buffer, -1)
 
-        if pad_size > self.block_size // 8:
+        if not (0 < pad_size <= self.block_size // 8):
             raise ValueError("Invalid padding bytes")
 
         mismatch = 0
author	Hynek Schlawack <hs@ox.cx>	2013-11-09 07:13:52 -0800
committer	Hynek Schlawack <hs@ox.cx>	2013-11-09 07:13:52 -0800
commit	df52fa9d388c2fc7d721c0fba5ca21ec88a01a15 (patch)
tree	f44dda3b7c2d612dc8dfbcf1a63edb411e466b98 /cryptography
parent	323faa72138f2e9c5249d9a42e7f42d741aec873 (diff)
parent	715e85f3f39a2b8f50ae810ba86d64af30e13c56 (diff)
download	cryptography-df52fa9d388c2fc7d721c0fba5ca21ec88a01a15.tar.gz cryptography-df52fa9d388c2fc7d721c0fba5ca21ec88a01a15.tar.bz2 cryptography-df52fa9d388c2fc7d721c0fba5ca21ec88a01a15.zip