author | Eli Collins <elic@assurancetechnologies.com> | 2012-04-09 19:19:41 -0400 |
---|---|---|
committer | Eli Collins <elic@assurancetechnologies.com> | 2012-04-09 19:19:41 -0400 |
commit | ce8e7d2438a3804b50e9af2712302de8d72c9f50 (patch) | |
tree | 49628955655aca237687660f94938d0652d271cc /passlib/exc.py | |
parent | 34f766f4a2f11b19ce233e136e435c131531e42c (diff) | |
download | passlib-ce8e7d2438a3804b50e9af2712302de8d72c9f50.tar.gz |
*all* hashes now throw PasswordSizeError if password is larger than 4096 chars; to prevent DOS issues.
Diffstat (limited to 'passlib/exc.py')
-rw-r--r-- | passlib/exc.py | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/passlib/exc.py b/passlib/exc.py
index cb158e7..44fadd4 100644
--- a/passlib/exc.py
+++ b/passlib/exc.py
@@ -14,6 +14,28 @@ class MissingBackendError(RuntimeError):
     from :class:`~passlib.utils.handlers.HasManyBackends`.
     """
 
+class PasswordSizeError(ValueError):
+    """Error raised if the password provided exceeds the limit set by Passlib.
+
+    Many password hashes take proportionately larger amounts of
+    time and/or memory depending on the size of the password provided.
+    This could present a potential denial of service (DOS) situation
+    if a maliciously large password was provided to the application.
+
+    Because of this, Passlib enforces a maximum of 4096 characters.
+    This error will be thrown if a password larger than
+    this is provided to any of the hashes in Passlib.
+
+    Applications wishing to use a different limit should set the
+    ``PASSLIB_MAX_PASSWORD_SIZE`` environmental variable before Passlib
+    is loaded.
+    """
+    def __init__(self):
+        ValueError.__init__(self, "password exceeds maximum allowed size")
+
+    # this also prevents a glibc crypt segfault issue, detailed here ...
+    # http://www.openwall.com/lists/oss-security/2011/11/15/1
+
 #==========================================================================
 # warnings
 #==========================================================================
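Review bot: `PasswordSizeError.__init__` takes no arguments and hard-codes its message, so a caller catching it cannot learn which limit was enforced; since the docstring says the limit is configurable via `PASSLIB_MAX_PASSWORD_SIZE`, the exception should be able to carry the effective limit (the limit only, never the password or a fragment of it) so that logs and error responses are diagnosable. The docstring also states "enforces a maximum of 4096 characters" as a fixed fact while describing an override in the next paragraph; `enforces a default maximum of 4096 characters` would be consistent. The two trailing comments about the glibc crypt segfault sit as orphaned statements after `__init__`; they belong in the class docstring or beside wherever the size limit constant is defined (outside this hunk), so they are not lost in a later edit. A backward-compatible constructor could look like the following.
```python
    def __init__(self, max_size=None):
        # keep the default message unchanged for existing callers;
        # only the limit is reported, never any part of the password
        msg = "password exceeds maximum allowed size"
        if max_size is not None:
            msg = "%s (%d)" % (msg, max_size)
        ValueError.__init__(self, msg)
```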