Hello!
I have nothing to do with Python, but stumbled over this code.
The pybc_bcrypt function is not thread-safe, as it uses a static buffer
('encrypted') as the return value.
As a consequence I think that the

    Py_BEGIN_ALLOW_THREADS;
    ret = pybc_bcrypt(password_copy, salt_copy);
    Py_END_ALLOW_THREADS;

code can produce invalid results when called from multiple threads.
Best solution should be to pass the result buffer as an additional parameter.
Best regards
Sönke
Original issue reported on code.google.com by xgcs...@gmail.com on 15 Jan 2013 at 12:02
Fixed in py-bcrypt-0.3. I apologise for noticing your bug about 30 minutes
after I made the release.
It turned out that it may have been possible to bypass authentication by
arranging for threads to write over the shared data.
Original comment by d...@djm.net.au on 18 Mar 2013 at 9:20
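
The static-buffer hazard described in this thread, next to the caller-supplied buffer the reporter suggests, as an added C example that is not py-bcrypt's code. `toy_hash`, `hash_static`, `hash_r` and `a_result_survives` are hypothetical names, the hash is a toy FNV-1a stand-in rather than bcrypt, and the two-thread interleaving is replayed in a single thread so the outcome is deterministic.

```c
#include <stdio.h>
#include <string.h>
#define HASH_LEN 17 /* 16 hex digits + NUL; toy size, not bcrypt's */

/* Toy FNV-1a stand-in for the password hash. NOT bcrypt. */
static void toy_hash(const char *pw, const char *salt, char *out, size_t n)
{
    unsigned long long h = 1469598103934665603ULL;
    const char *parts[2] = { salt, pw };
    for (int i = 0; i < 2; i++)
        for (const char *p = parts[i]; *p; p++)
            h = (h ^ (unsigned char)*p) * 1099511628211ULL;
    snprintf(out, n, "%016llx", h);
}

/* Pattern from the report: every caller gets the same static buffer. */
static char *hash_static(const char *pw, const char *salt)
{
    static char encrypted[HASH_LEN];
    toy_hash(pw, salt, encrypted, sizeof(encrypted));
    return encrypted;
}

/* Suggested fix: the caller owns the result buffer. */
static int hash_r(const char *pw, const char *salt, char *out, size_t n)
{
    if (out == NULL || n < HASH_LEN) return -1;
    toy_hash(pw, salt, out, n);
    return 0;
}

/* Replays in one thread what two threads can do once the GIL is released:
 * caller B runs after A's call returns but before A reads its result.
 * Returns 1 if A still sees its own hash, 0 if it was overwritten. */
static int a_result_survives(int use_static)
{
    char expect[HASH_LEN], own[HASH_LEN], other[HASH_LEN];
    const char *a = own;
    hash_r("pw-A", "salt-A", expect, sizeof(expect));
    if (use_static) a = hash_static("pw-A", "salt-A");
    else hash_r("pw-A", "salt-A", own, sizeof(own));
    if (use_static) hash_static("pw-B", "salt-B");   /* caller B */
    else hash_r("pw-B", "salt-B", other, sizeof(other));
    return strcmp(a, expect) == 0;
}

int main(void)
{
    printf("static: %d, caller buffer: %d\n", a_result_survives(1), a_result_survives(0));
    return 0;
}
```

With the static buffer, the pointer handed to caller A ends up holding caller B's hash, so any comparison A performs afterwards is against the wrong value.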