Thread safety problem #12

Closed
GoogleCodeExporter opened this issue Oct 31, 2015 · 1 comment


@GoogleCodeExporter

Hello!

I have nothing to do with python, but stumbled over this code.

The pybc_bcrypt function is not thread-safe, as it uses a static buffer 
('encrypted') as the return value.

As a consequence I think that the 

        Py_BEGIN_ALLOW_THREADS;
        ret = pybc_bcrypt(password_copy, salt_copy);
        Py_END_ALLOW_THREADS;

code can produce invalid results when called from multiple threads.
The best solution should be to pass the result buffer as an additional parameter.

Best regards
Sönke

Original issue reported on code.google.com by xgcs...@gmail.com on 15 Jan 2013 at 12:02

@GoogleCodeExporter

Fixed in py-bcrypt-0.3. I apologise for noticing your bug about 30 minutes 
after I made the release.

It turned out that it may have been possible to bypass authentication by 
arranging for threads to write over the shared data.

Original comment by d...@djm.net.au on 18 Mar 2013 at 9:20

  • Changed title: Thread safety problem
  • Changed state: Fixed
  • Added labels: Priority-Critical
  • Removed labels: Priority-Medium
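
The static-buffer problem reported above and the suggested fix of passing a result buffer, as an added illustration that is not py-bcrypt's code. `toy_hash`, `hash_static` and `hash_r` are hypothetical names, the hash is a toy stand-in rather than bcrypt, and the interleaving that two threads could produce is replayed in one thread so the outcome is deterministic.

```c
#include <stdio.h>
#include <string.h>
#define OUT_LEN 17 /* 16 hex digits + NUL */

/* Toy stand-in for the password hash (NOT bcrypt): FNV-1a over salt, then password. */
static void toy_hash(const char *pw, const char *salt, char *out, size_t len) {
    unsigned long long h = 0xcbf29ce484222325ULL;
    for (; *salt; salt++) h = (h ^ (unsigned char)*salt) * 0x100000001b3ULL;
    for (; *pw; pw++) h = (h ^ (unsigned char)*pw) * 0x100000001b3ULL;
    snprintf(out, len, "%016llx", h);
}

/* Pattern from the report: every caller gets a pointer to the same static buffer. */
static char *hash_static(const char *pw, const char *salt) {
    static char encrypted[OUT_LEN];
    toy_hash(pw, salt, encrypted, sizeof encrypted);
    return encrypted;
}

/* Suggested fix: the caller owns the result buffer, so calls share no state. */
static int hash_r(const char *pw, const char *salt, char *out, size_t len) {
    if (out == NULL || len < OUT_LEN) return -1;
    toy_hash(pw, salt, out, len);
    return 0;
}

/* Caller A hashes, caller B hashes, then A reads its result.
 * Returns 1 if A's result was overwritten by B's call. */
static int static_result_clobbered(void) {
    char expected[OUT_LEN];
    toy_hash("pw-A", "salt-A", expected, sizeof expected);
    const char *a = hash_static("pw-A", "salt-A");
    (void)hash_static("pw-B", "salt-B"); /* the "other thread" runs here */
    return strcmp(a, expected) != 0;
}

/* Same interleaving with caller-supplied buffers; returns 0 when A's result survives. */
static int caller_buffer_clobbered(void) {
    char expected[OUT_LEN], a[OUT_LEN], b[OUT_LEN];
    toy_hash("pw-A", "salt-A", expected, sizeof expected);
    if (hash_r("pw-A", "salt-A", a, sizeof a) || hash_r("pw-B", "salt-B", b, sizeof b)) return -1;
    return strcmp(a, expected) != 0;
}

int main(void) {
    printf("static: %d, caller buffer: %d\n", static_result_clobbered(), caller_buffer_clobbered());
    return 0;
}
```

In real multithreaded use the overwrite can also land while the buffer is being written or compared, so the visible result may be a mix of two hashes rather than a clean replacement.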
