From 715e85f3f39a2b8f50ae810ba86d64af30e13c56 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sat, 9 Nov 2013 06:45:00 -0800
Subject: Fixed two bugs in the PKCS7 padding where unpadding would accept bad
 inputs.

---
 cryptography/hazmat/primitives/padding.py | 4 ++--
 tests/hazmat/primitives/test_padding.py   | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py
index ddcadd89..eac18c2a 100644
--- a/cryptography/hazmat/primitives/padding.py
+++ b/cryptography/hazmat/primitives/padding.py
@@ -101,12 +101,12 @@ class _PKCS7UnpaddingContext(object):
         if self._buffer is None:
             raise ValueError("Context was already finalized")
 
-        if not self._buffer:
+        if len(self._buffer) != self.block_size // 8:
             raise ValueError("Invalid padding bytes")
 
         pad_size = six.indexbytes(self._buffer, -1)
 
-        if pad_size > self.block_size // 8:
+        if not (0 < pad_size <= self.block_size // 8):
             raise ValueError("Invalid padding bytes")
 
         mismatch = 0
diff --git a/tests/hazmat/primitives/test_padding.py b/tests/hazmat/primitives/test_padding.py
index 3cefafaf..6a2b6243 100644
--- a/tests/hazmat/primitives/test_padding.py
+++ b/tests/hazmat/primitives/test_padding.py
@@ -29,6 +29,8 @@ class TestPKCS7(object):
         (128, b"1111111111111111"),
         (128, b"111111111111111\x06"),
         (128, b""),
+        (128, b"\x06" * 6),
+        (128, b"\x00" * 16),
     ])
     def test_invalid_padding(self, size, padded):
         unpadder = padding.PKCS7(size).unpadder()
-- 
cgit v1.2.3