M2Crypto related segfault in pbkdf2

[GoogleCodeExporter]

What steps will reproduce the problem?
Use a key length longer than 31 (not 40 as the comment in the source says) and 
cause an overflow in m2crypto.

What version of the product are you using? On what operating system?
1.5.3, mac (but all are affected)

Please provide any additional information below.

There is a comment in utils/pbkdf2.py:

#NOTE: M2crypto reliably segfaults for me if given keylengths
# larger than 40 (crashes at 41 on one system, 61 on another).
# so just avoiding it for longer calls.

This is the source of the issue:

See bug https://bugzilla.osafoundation.org/show_bug.cgi?id=13052

To be safe for now you should use a value safe with the buffer in m2crypto (not 
40 as that still overflows) and keep an eye out on that issue being fixed 
before the note and workaround can be removed. 

Original issue reported on code.google.com by rr2...@gmail.com on 4 Apr 2012 at 7:20

[GoogleCodeExporter]

This issue was closed by revision fd4e8146247f.

Original comment by elic@astllc.org on 13 Apr 2012 at 1:53

• Changed state: Fixed

[GoogleCodeExporter]

Thanks for finding that... and especially for tracking down the underlying 
m2crypto bug. I'll keep a watch for them to fix it. In the meantime, the 
corrected workaround  should be included in the upcoming Passlib 1.6 release.

Original comment by elic@astllc.org on 13 Apr 2012 at 2:00

• Added labels: Milestone-Release1.6

[GoogleCodeExporter]

Original comment by elic@astllc.org on 13 Apr 2012 at 2:04

[GoogleCodeExporter]

Passlib 1.6 has been released, and includes the fixed workaround.

Original comment by elic@astllc.org on 1 May 2012 at 8:48

• Changed state: Done