Message 293192 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Sebastian.Noack
Recipients	Sebastian.Noack
Date	2017-05-07.13:31:51
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1494163912.12.0.28043122667.issue30297@psf.upfronthosting.co.za>
In-reply-to

Content
If I run following code (on Python 3.5.3, Linux) the interpreter crashes with a segfault: def pbkdf2_bin(data, salt, iterations=1000, keylen=24, hashfunc=None): hashfunc = hashfunc or hashlib.sha1 mac = hmac.new(data, None, hashfunc) def _pseudorandom(x, mac=mac): h = mac.copy() h.update(x) return h.digest() buf = [] for block in range(1, -(-keylen // mac.digest_size) + 1): rv = u = _pseudorandom(salt + _pack_int(block)) for i in range(iterations - 1): u = _pseudorandom(u) rv = starmap(xor, zip(rv, u)) buf.extend(rv) return bytes(buf[:keylen]) pbkdf2_bin(b'1234567890', b'1234567890', 200000, 32) I was able to track it down to the line of buf.extend(rv) which apparently is causing the segfault. Note that rv is a lazy-evaluated starmap. I also get a segfault if I evaluate it by other means (e.g. by passing it to the list constructor). However, if I evaluate it immediately by wrapping the starmap constructor with the list constructor, the code works as expected. But I wasn't able yet, to further isolate the issue. FWIW, the Python 2 version [1] of this code works just fine without forcing immediate evaluation of the starmap. Note that the code posted, except for the bits I changed in order to make it compatible with Python 3, is under the copyright of Armin Ronacher, who published it under the BSD license. [1]: https://github.com/mitsuhiko/python-pbkdf2

If I run following code (on Python 3.5.3, Linux) the interpreter crashes with a segfault:


def pbkdf2_bin(data, salt, iterations=1000, keylen=24, hashfunc=None):
    hashfunc = hashfunc or hashlib.sha1
    mac = hmac.new(data, None, hashfunc)
    def _pseudorandom(x, mac=mac):
        h = mac.copy()
        h.update(x)
        return h.digest()
    buf = []
    for block in range(1, -(-keylen // mac.digest_size) + 1):
        rv = u = _pseudorandom(salt + _pack_int(block))
        for i in range(iterations - 1):
            u = _pseudorandom(u)
            rv = starmap(xor, zip(rv, u))
        buf.extend(rv)
    return bytes(buf[:keylen])

pbkdf2_bin(b'1234567890', b'1234567890', 200000, 32)


I was able to track it down to the line of buf.extend(rv) which apparently is causing the segfault. Note that rv is a lazy-evaluated starmap. I also get a segfault if I evaluate it by other means (e.g. by passing it to the list constructor). However, if I evaluate it immediately by wrapping the starmap constructor with the list constructor, the code works as expected. But I wasn't able yet, to further isolate the issue. FWIW, the Python 2 version [1] of this code works just fine without forcing immediate evaluation of the starmap.

Note that the code posted, except for the bits I changed in order to make it compatible with Python 3, is under the copyright of Armin Ronacher, who published it under the BSD license.

[1]: https://github.com/mitsuhiko/python-pbkdf2

History
Date	User	Action	Args
2017-05-07 13:31:52	Sebastian.Noack	set	recipients: + Sebastian.Noack
2017-05-07 13:31:52	Sebastian.Noack	set	messageid: <1494163912.12.0.28043122667.issue30297@psf.upfronthosting.co.za>
2017-05-07 13:31:51	Sebastian.Noack	link	issue30297 messages
2017-05-07 13:31:51	Sebastian.Noack	create