Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
system:homeautomation:home-assistant
python-python-jose
CVE-2024-33664.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2024-33664.patch of Package python-python-jose
From 483529ee93a3ab510ab579d4d4cc644dba926ade Mon Sep 17 00:00:00 2001 From: princekhunt <info@princekhunt.com> Date: Wed, 20 Mar 2024 22:12:36 +0530 Subject: [PATCH] limit token size to 250 KB --- jose/jwe.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/jose/jwe.py b/jose/jwe.py index 2c387ff4..1e0833e7 100644 --- a/jose/jwe.py +++ b/jose/jwe.py @@ -76,6 +76,11 @@ def decrypt(jwe_str, key): >>> jwe.decrypt(jwe_string, 'asecret128bitkey') 'Hello, World!' """ + + # limit the token size to 250 KB + if len(jwe_str) > 250 * 1024: + raise JWEError("JWE string exceeds 250 KB") + header, encoded_header, encrypted_key, iv, cipher_text, auth_tag = _jwe_compact_deserialize(jwe_str) # Verify that the implementation understands and can process all
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor