You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm quite new in the MicroPython development space. I'm starting a new project: A Specter/SeedSigner but for web3/evm. So I forked a derivative of this hashlib section, to build the first part of this new project. During early development, I noticed that the added functions hashlib_pbkdf2_hmac and hashlib_hmac_sha512 don't perform any check on the args length provided, before accessing the args array.
I'm concerned about the behavior when calling these functions from Python without arguments (or at least, less than expected). For example calling hashlib.hashlib_pbkdf2_hmac(). My understanding is that it would try to read data out of bound (so crash, because of potential block from the system). I'm not very sure about the exact behavior, but because of this doubt raised, I took the opportunity to add checks about the args length in my new code. See there, and similarly on line 365.
I'm reporting first this issue here, as I consider this is the upstream source.
The text was updated successfully, but these errors were encountered:
I'm quite new in the MicroPython development space. I'm starting a new project: A Specter/SeedSigner but for web3/evm. So I forked a derivative of this hashlib section, to build the first part of this new project. During early development, I noticed that the added functions hashlib_pbkdf2_hmac and hashlib_hmac_sha512 don't perform any check on the args length provided, before accessing the args array.
I'm concerned about the behavior when calling these functions from Python without arguments (or at least, less than expected). For example calling
hashlib.hashlib_pbkdf2_hmac(). My understanding is that it would try to read data out of bound (so crash, because of potential block from the system). I'm not very sure about the exact behavior, but because of this doubt raised, I took the opportunity to add checks about the args length in my new code. See there, and similarly on line 365.I'm reporting first this issue here, as I consider this is the upstream source.
The text was updated successfully, but these errors were encountered: