diff options
| author | Damien Miller <djm@mindrot.org> | 2011-03-28 12:03:45 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2011-03-28 12:03:45 +1100 |
| commit | e2d13662246d419fe9a1f749b0ea538646b6b61d (patch) | |
| tree | 3ae49f768cf1a0ce7a7761f4377d59318639158a | |
| parent | 9747d0aa7298784664f459d6382ee6be73961bbf (diff) | |
| download | py-bcrypt-e2d13662246d419fe9a1f749b0ea538646b6b61d.tar.gz | |
bzero copy of password and salt when we are done with them
| -rw-r--r-- | bcrypt/bcrypt_python.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/bcrypt/bcrypt_python.c b/bcrypt/bcrypt_python.c index a2d99d2..8c2c185 100644 --- a/bcrypt/bcrypt_python.c +++ b/bcrypt/bcrypt_python.c @@ -82,8 +82,11 @@ bcrypt_hashpw(PyObject *self, PyObject *args, PyObject *kw_args) ret = pybc_bcrypt(password_copy, salt_copy); Py_END_ALLOW_THREADS; + bzero(password_copy, strlen(password_copy)); free(password_copy); + bzero(salt_copy, strlen(salt_copy)); free(salt_copy); + if ((ret == NULL) || strcmp(ret, ":") == 0) { PyErr_SetString(PyExc_ValueError, "Invalid salt"); |