fixes #416 -- correctly handle invalid salts (#417)

author: Alex Gaynor <alex.gaynor@gmail.com> 2022-09-16 10:22:40 -0400
committer: GitHub <noreply@github.com> 2022-09-16 09:22:40 -0500
commit: e1ed0f46caf49be26a43628375d0b09ca79a7b97 (patch)
tree: 297b8690bb0ceb4fb5e31adaf03abc440a6522b3
parent: cd4229d64c33627db84866499a9b8daf6ffdd19f (diff)
download: py-bcrypt-git-e1ed0f46caf49be26a43628375d0b09ca79a7b97.tar.gz
2 files changed, 8 insertions, 1 deletions
diff --git a/src/_bcrypt/src/lib.rs b/src/_bcrypt/src/lib.rs
index 8e61c3d..b323e32 100644
--- a/src/_bcrypt/src/lib.rs
+++ b/src/_bcrypt/src/lib.rs
@@ -49,7 +49,9 @@ fn hashpass<'p>(
         .try_into()
         .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))?;
 
-    let hashed = py.allow_threads(|| bcrypt::hash_with_salt(password, cost, raw_salt).unwrap());
+    let hashed = py
+        .allow_threads(|| bcrypt::hash_with_salt(password, cost, raw_salt))
+        .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))?;
     Ok(pyo3::types::PyBytes::new(
         py,
         hashed.format_for_version(version).as_bytes(),
diff --git a/tests/test_bcrypt.py b/tests/test_bcrypt.py
index c6deb85..f0df6bf 100644
--- a/tests/test_bcrypt.py
+++ b/tests/test_bcrypt.py
@@ -272,6 +272,11 @@ def test_checkpw_bad_salt():
             b"badpass",
             b"$2b$04$?Siw3Nv3Q/gTOIPetAyPr.GNj3aO0lb1E5E9UumYGKjP9BYqlNWJe",
         )
+    with pytest.raises(ValueError):
+        bcrypt.checkpw(
+            b"password",
+            b"$2b$3$mdEQPMOtfPX.WGZNXgF66OhmBlOGKEd66SQ7DyJPGucYYmvTJYviy",
+        )
 
 
 def test_checkpw_str_password():
author	Alex Gaynor <alex.gaynor@gmail.com>	2022-09-16 10:22:40 -0400
committer	GitHub <noreply@github.com>	2022-09-16 09:22:40 -0500
commit	e1ed0f46caf49be26a43628375d0b09ca79a7b97 (patch)
tree	297b8690bb0ceb4fb5e31adaf03abc440a6522b3
parent	cd4229d64c33627db84866499a9b8daf6ffdd19f (diff)
download	py-bcrypt-git-e1ed0f46caf49be26a43628375d0b09ca79a7b97.tar.gz