aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cryptography/fernet.py5
-rw-r--r--tests/test_fernet.py5
2 files changed, 9 insertions, 1 deletions
diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index 10698f29..b59f6a94 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -94,7 +94,10 @@ class Fernet(object):
if six.indexbytes(data, 0) != 0x80:
raise InvalidToken
- timestamp = struct.unpack(">Q", data[1:9])[0]
+ try:
+ timestamp, = struct.unpack(">Q", data[1:9])
+ except struct.error:
+ raise InvalidToken
iv = data[9:25]
ciphertext = data[25:-32]
if ttl is not None:
diff --git a/tests/test_fernet.py b/tests/test_fernet.py
index 77661180..45188c47 100644
--- a/tests/test_fernet.py
+++ b/tests/test_fernet.py
@@ -74,6 +74,11 @@ class TestFernet(object):
with pytest.raises(InvalidToken):
f.decrypt(base64.urlsafe_b64encode(b"\x81"))
+ def test_timestamp_too_short(self, backend):
+ f = Fernet(Fernet.generate_key(), backend=backend)
+ with pytest.raises(InvalidToken):
+ f.decrypt(base64.urlsafe_b64encode(b"\x80abc"))
+
def test_unicode(self, backend):
f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend)
with pytest.raises(TypeError):
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-05 01:07:15 +0000