Handle invalid timestamp length

author: Alex Gaynor <alex.gaynor@gmail.com> 2013-12-20 11:02:33 -0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2013-12-20 11:02:33 -0800
commit: e78960fa8c2a210484695bf2e20c4847313cf5a0 (patch)
tree: cd5760d1da82cac45de7c5ac8e21164d1e92ee04 /cryptography
parent: 05515723738870170b05b47ee260564b9ebe62f9 (diff)
download: cryptography-e78960fa8c2a210484695bf2e20c4847313cf5a0.tar.gz
cryptography-e78960fa8c2a210484695bf2e20c4847313cf5a0.tar.bz2
cryptography-e78960fa8c2a210484695bf2e20c4847313cf5a0.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index 10698f29..b59f6a94 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -94,7 +94,10 @@ class Fernet(object):
         if six.indexbytes(data, 0) != 0x80:
             raise InvalidToken
 
-        timestamp = struct.unpack(">Q", data[1:9])[0]
+        try:
+            timestamp, = struct.unpack(">Q", data[1:9])
+        except struct.error:
+            raise InvalidToken
         iv = data[9:25]
         ciphertext = data[25:-32]
         if ttl is not None:
author	Alex Gaynor <alex.gaynor@gmail.com>	2013-12-20 11:02:33 -0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2013-12-20 11:02:33 -0800
commit	e78960fa8c2a210484695bf2e20c4847313cf5a0 (patch)
tree	cd5760d1da82cac45de7c5ac8e21164d1e92ee04 /cryptography
parent	05515723738870170b05b47ee260564b9ebe62f9 (diff)
download	cryptography-e78960fa8c2a210484695bf2e20c4847313cf5a0.tar.gz cryptography-e78960fa8c2a210484695bf2e20c4847313cf5a0.tar.bz2 cryptography-e78960fa8c2a210484695bf2e20c4847313cf5a0.zip