Tree - rpms/python2.7 - src.fedoraproject.org

rpms / python2.7

Overview Files Commits Branches Forks Releases

Monitoring status:

Bugzilla Assignee:

Fedora:: python-maint
EPEL:: python-maint

Files

Commit: 2a2fb3b590a9a06a5250accc5698c7bc2a0a0729

Blob Blame History Raw

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Fedora Python maintainers <python-devel@lists.fedoraproject.org>
Date: Wed, 15 Jul 2020 15:40:53 +0200
Subject: [PATCH] 00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch

00169 #
Use SHA-256 rather than implicitly using MD5 within the challenge handling
in multiprocessing.connection

Sent upstream as http://bugs.python.org/issue17258
(rhbz#879695)
---
 Lib/multiprocessing/connection.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
index 645a26f069e..d4dc6ac19d5 100644
--- a/Lib/multiprocessing/connection.py
+++ b/Lib/multiprocessing/connection.py
@@ -56,6 +56,10 @@ BUFSIZE = 8192
 # A very generous timeout when it comes to local connections...
 CONNECTION_TIMEOUT = 20.
 
+# The hmac module implicitly defaults to using MD5.
+# Support using a stronger algorithm for the challenge/response code:
+HMAC_DIGEST_NAME='sha256'
+
 _mmap_counter = itertools.count()
 
 default_family = 'AF_INET'
@@ -413,12 +417,16 @@ CHALLENGE = b'#CHALLENGE#'
 WELCOME = b'#WELCOME#'
 FAILURE = b'#FAILURE#'
 
+def get_digestmod_for_hmac():
+    import hashlib
+    return getattr(hashlib, HMAC_DIGEST_NAME)
+
 def deliver_challenge(connection, authkey):
     import hmac
     assert isinstance(authkey, bytes)
     message = os.urandom(MESSAGE_LENGTH)
     connection.send_bytes(CHALLENGE + message)
-    digest = hmac.new(authkey, message).digest()
+    digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
     response = connection.recv_bytes(256)        # reject large message
     if response == digest:
         connection.send_bytes(WELCOME)
@@ -432,7 +440,7 @@ def answer_challenge(connection, authkey):
     message = connection.recv_bytes(256)         # reject large message
     assert message[:len(CHALLENGE)] == CHALLENGE, 'message = %r' % message
     message = message[len(CHALLENGE):]
-    digest = hmac.new(authkey, message).digest()
+    digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
     connection.send_bytes(digest)
     response = connection.recv_bytes(256)        # reject large message
     if response != WELCOME:

rpms / python2.7

Source Code

Files