authorAlex Gaynor <alex.gaynor@gmail.com>2013-12-20 11:02:33 -0800
committerAlex Gaynor <alex.gaynor@gmail.com>2013-12-20 11:02:33 -0800
commite78960fa8c2a210484695bf2e20c4847313cf5a0 (patch)
treecd5760d1da82cac45de7c5ac8e21164d1e92ee04
parent05515723738870170b05b47ee260564b9ebe62f9 (diff)
downloadcryptography-e78960fa8c2a210484695bf2e20c4847313cf5a0.tar.gz
cryptography-e78960fa8c2a210484695bf2e20c4847313cf5a0.tar.bz2
cryptography-e78960fa8c2a210484695bf2e20c4847313cf5a0.zip
Handle invalid timestamp length
-rw-r--r--cryptography/fernet.py5
-rw-r--r--tests/test_fernet.py5
2 files changed, 9 insertions, 1 deletions
diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index 10698f29..b59f6a94 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -94,7 +94,10 @@ class Fernet(object):
if six.indexbytes(data, 0) != 0x80:
raise InvalidToken
- timestamp = struct.unpack(">Q", data[1:9])[0]
+ try:
+ timestamp, = struct.unpack(">Q", data[1:9])
+ except struct.error:
+ raise InvalidToken
iv = data[9:25]
ciphertext = data[25:-32]
if ttl is not None:
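Review bot: Catching `struct.error` around the unpack only covers tokens that decode to 1–8 bytes; an empty decoded token would still fail at `six.indexbytes(data, 0)` on the line above with an `IndexError` instead of `InvalidToken`, unless a check outside this hunk rejects it first. Guarding the version test as `if not data or six.indexbytes(data, 0) != 0x80:` would close that case. Because `decrypt` parses untrusted tokens, every malformed input should surface as the same `InvalidToken` so callers are not handed an unexpected exception type. A token of exactly 9 bytes also passes the unpack and leaves `iv` and `ciphertext` empty, so its rejection depends on later checks that are not visible here. The enclosing method starts and ends outside the hunk.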
diff --git a/tests/test_fernet.py b/tests/test_fernet.py
index 77661180..45188c47 100644
--- a/tests/test_fernet.py
+++ b/tests/test_fernet.py
@@ -74,6 +74,11 @@ class TestFernet(object):
with pytest.raises(InvalidToken):
f.decrypt(base64.urlsafe_b64encode(b"\x81"))
+ def test_timestamp_too_short(self, backend):
+ f = Fernet(Fernet.generate_key(), backend=backend)
+ with pytest.raises(InvalidToken):
+ f.decrypt(base64.urlsafe_b64encode(b"\x80abc"))
+
def test_unicode(self, backend):
f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend)
with pytest.raises(TypeError):
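Review bot: The new test pins only one truncated length (`b"\x80abc"`, three timestamp bytes), so the boundaries of the timestamp field are not covered. Adding `b"\x80"` alone and `b"\x80" + b"\x00" * 8` (a full timestamp with no IV, ciphertext or MAC) would confirm that both the `struct.error` path and the later length-dependent checks raise `InvalidToken`. A short comment such as `# token truncated inside the 8-byte timestamp field` would also make the intent of the payload clear.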