File CVE-2023-23931-dont-allow-update-into.patch of Package saltbundlepy-cryptography

Index: cryptography-3.3.2/src/cryptography/hazmat/backends/openssl/ciphers.py
===================================================================
--- cryptography-3.3.2.orig/src/cryptography/hazmat/backends/openssl/ciphers.py
+++ cryptography-3.3.2/src/cryptography/hazmat/backends/openssl/ciphers.py
@@ -135,7 +135,7 @@ class _CipherContext(object):
         data_processed = 0
         total_out = 0
         outlen = self._backend._ffi.new("int *")
-        baseoutbuf = self._backend._ffi.from_buffer(buf)
+        baseoutbuf = self._backend._ffi.from_buffer(buf, require_writable=True)
         baseinbuf = self._backend._ffi.from_buffer(data)
 
         while data_processed != total_data_len:
Index: cryptography-3.3.2/tests/hazmat/primitives/test_ciphers.py
===================================================================
--- cryptography-3.3.2.orig/tests/hazmat/primitives/test_ciphers.py
+++ cryptography-3.3.2/tests/hazmat/primitives/test_ciphers.py
@@ -235,6 +235,14 @@ class TestCipherUpdateInto(object):
         assert res == len(pt)
         assert bytes(buf)[:res] == ct
 
+    def test_update_into_immutable(self, backend):
+        key = b"\x00" * 16
+        c = ciphers.Cipher(AES(key), modes.ECB(), backend)
+        encryptor = c.encryptor()
+        buf = b"\x00" * 32
+        with pytest.raises((TypeError, BufferError)):
+            encryptor.update_into(b"testing", buf)
+
     @pytest.mark.supported(
         only_if=lambda backend: backend.cipher_supported(
             AES(b"\x00" * 16), modes.GCM(b"0" * 12)
openSUSE Build Service is sponsored by