diff options
-rw-r--r-- | cryptography/hazmat/primitives/padding.py | 4 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_padding.py | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py index ddcadd89..eac18c2a 100644 --- a/cryptography/hazmat/primitives/padding.py +++ b/cryptography/hazmat/primitives/padding.py @@ -101,12 +101,12 @@ class _PKCS7UnpaddingContext(object): if self._buffer is None: raise ValueError("Context was already finalized") - if not self._buffer: + if len(self._buffer) != self.block_size // 8: raise ValueError("Invalid padding bytes") pad_size = six.indexbytes(self._buffer, -1) - if pad_size > self.block_size // 8: + if not (0 < pad_size <= self.block_size // 8): raise ValueError("Invalid padding bytes") mismatch = 0 diff --git a/tests/hazmat/primitives/test_padding.py b/tests/hazmat/primitives/test_padding.py index 3cefafaf..6a2b6243 100644 --- a/tests/hazmat/primitives/test_padding.py +++ b/tests/hazmat/primitives/test_padding.py @@ -29,6 +29,8 @@ class TestPKCS7(object): (128, b"1111111111111111"), (128, b"111111111111111\x06"), (128, b""), + (128, b"\x06" * 6), + (128, b"\x00" * 16), ]) def test_invalid_padding(self, size, padded): unpadder = padding.PKCS7(size).unpadder() |