Bug report
Bug description:
The following leaks:
```python
import unittest

class HMACLeakTest(unittest.TestCase):
    def test_leak1(self):
        import _hashlib
        self.assertRaises(TypeError, _hashlib.hmac_new, b"key", 1, "sha256")
```
The issue is in `_hashlib_hmac_new_impl`:
```c
self = PyObject_New(HMACobject, type);
...
if ((msg_obj != NULL) && (msg_obj != Py_None)) {
    if (!_hmac_update(self, msg_obj))
        goto error;
}
return (PyObject*)self;

error:
    if (ctx) HMAC_CTX_free(ctx);
    if (self) PyObject_Free(self);  /* frees the struct only; the reference PyObject_New took on `type` is never dropped */
    return NULL;
```
More precisely, the issue is that we are only calling `PyObject_Free(self)` and we are not decrefing the type. So we need to call `Py_XDECREF(self);` instead and free `ctx` separately if `self` has not already been allocated. Note that the HMAC context is still cleared, so we should not leak anything sensitive.
There is also a missing `HMAC_CTX_free` call in `_hmac_digest`, if the copy of the HMAC context fails. Again, there shouldn't be a security issue as the temporary context should still not be initialized on failure (and the secret key is not stored within, hopefully).
CPython versions tested on:
CPython main branch
Operating systems tested on:
No response
Linked PRs
- _hashlib.hmac_{new,digest} #130152
- _hashlib.hmac_{new,digest} (GH-130152) #130491
- _hashlib.hmac_{new,digest} (GH-130152) #130539
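As an added illustration of the ownership rule the report relies on, here is a toy model written for this page (it is not CPython code and not part of the linked PRs): an instance created through a `PyObject_New`-style allocator holds a strong reference to its heap type, so an error path must release the instance through a `Py_XDECREF`-style dealloc rather than a raw free, and the HMAC context may only be freed separately while no instance owns it. The names `type_t`, `obj_t`, `ctx_t`, `obj_new`, `obj_dealloc`, `update`, `hmac_new_buggy`, `hmac_new_fixed`, `type_refs_leaked` and `ctx_outstanding` are invented stand-ins for the CPython and OpenSSL functions they mimic.

```c
/* Toy model of the two error paths discussed in the report.  Added for this
 * page; it is not CPython code.  type_t stands in for a heap type, obj_new
 * for PyObject_New, obj_dealloc for tp_dealloc reached via Py_XDECREF,
 * ctx_t / ctx_free for HMAC_CTX / HMAC_CTX_free. */
#include <stdlib.h>
#include <string.h>

typedef struct { long refcnt; } type_t;             /* heap type: each instance owns a reference */
typedef struct { unsigned char state[64]; } ctx_t;   /* HMAC_CTX stand-in */
typedef struct { type_t *type; ctx_t *ctx; } obj_t;  /* HMACobject stand-in */

static long ctx_live = 0;   /* contexts allocated but not yet freed */

static ctx_t *ctx_new(void) {
    ctx_t *c = calloc(1, sizeof *c);
    if (c) ctx_live++;
    return c;
}

/* HMAC_CTX_free stand-in: wipe the state before releasing it, tolerate NULL. */
static void ctx_free(ctx_t *c) {
    if (!c) return;
    memset(c, 0, sizeof *c);
    free(c);
    ctx_live--;
}

/* PyObject_New on a heap type: the new instance takes a strong reference to its type. */
static obj_t *obj_new(type_t *type) {
    obj_t *o = calloc(1, sizeof *o);
    if (!o) return NULL;
    o->type = type;
    type->refcnt++;
    return o;
}

/* Py_XDECREF reaching tp_dealloc: release the owned context, drop the type
 * reference, then free the struct.  NULL is a no-op, as for Py_XDECREF. */
static void obj_dealloc(obj_t *o) {
    if (!o) return;
    ctx_free(o->ctx);
    o->type->refcnt--;
    free(o);
}

/* _hmac_update stand-in: fails (as with msg=1 in the report) when msg is not a buffer. */
static int update(obj_t *o, const void *msg) {
    (void)o;
    return msg != NULL;
}

/* Error path as quoted in the report: PyObject_Free releases the memory only,
 * so the reference obj_new took on the type is never dropped. */
static obj_t *hmac_new_buggy(type_t *type, const void *msg) {
    ctx_t *ctx = ctx_new();
    obj_t *self = ctx ? obj_new(type) : NULL;
    if (!self) goto error;
    self->ctx = ctx;
    if (!update(self, msg)) goto error;
    return self;
error:
    if (ctx) ctx_free(ctx);
    if (self) free(self);       /* PyObject_Free: the type reference leaks here */
    return NULL;
}

/* Corrected error path: once self owns ctx, only obj_dealloc may free it;
 * ctx is freed separately only while self has not been allocated. */
static obj_t *hmac_new_fixed(type_t *type, const void *msg) {
    ctx_t *ctx = ctx_new();
    obj_t *self = NULL;
    if (!ctx) goto error;
    self = obj_new(type);
    if (!self) goto error;
    self->ctx = ctx;
    ctx = NULL;                 /* ownership moved into self */
    if (!update(self, msg)) goto error;
    return self;
error:
    ctx_free(ctx);              /* non-NULL only if self never took it */
    obj_dealloc(self);          /* Py_XDECREF: runs dealloc, drops the type reference */
    return NULL;
}

/* Call a constructor n times and report how many type references it leaked;
 * objects that were built successfully are released normally. */
static long type_refs_leaked(obj_t *(*ctor)(type_t *, const void *), int n, const void *msg) {
    type_t type = { 1 };
    for (int i = 0; i < n; i++)
        obj_dealloc(ctor(&type, msg));
    return type.refcnt - 1;
}

/* Contexts still allocated; anything but 0 after a run means an HMAC_CTX leaked. */
static long ctx_outstanding(void) { return ctx_live; }
```

Running both constructors with a rejected message shows the difference the report describes: the buggy path leaves one extra reference on the type per failed call while freeing the context correctly, and the fixed path leaves neither a type reference nor a context behind. The `ctx = NULL` handoff is what makes `ctx_free` and `obj_dealloc` safe to call unconditionally on the error label without double-freeing the context.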